Technical Information

Note on using these indicators: the registry value names and executable names below are sandbox-observed strings and vary between runs of this sample — the same value name is recorded with several different executables (e.g. 'wiprbln' and 'pycb' under Policies\Explorer\Run each point to multiple .exe files, and 'juabkt'/'vkuzmzeovi' RunOnce entries carry a trailing " ." argument), so the exact names should not be used as the sole detection signature. The more durable pattern is the combination of autostart entries across Run, RunOnce and Policies\Explorer\Run under both HKLM (Wow6432Node, i.e. the 32-bit registry view on 64-bit Windows) and HKCU pointing at %TEMP%; the .omp/.qfg files dropped into %TEMP%, %LOCALAPPDATA%, %WINDIR%, %WINDIR%\syswow64 and %ProgramFiles(x86)%; public-IP lookup requests followed by a burst of DNS queries to unrelated domains; and SMB connections (ports 445/139) to another host on the local network, which should be checked for lateral movement. Hostnames are partially masked (#) in this report and cannot be recovered from this page.
- [<HKLM>\SOFTWARE\Wow6432Node\Microsoft\Windows NT\CurrentVersion\Winlogon] 'Shell' = 'Explorer.exe'
- [<HKCU>\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce] 'cqzdpbfou' = 'yytjhfvqigqtscbfbxfmt.exe .'
- [<HKLM>\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run] 'qgrxlzfqymm' = '%TEMP%\vqgrkdoerkpnhmgf.exe'
- [<HKLM>\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\RunOnce] 'vkuzmzeovi' = '%TEMP%\lianidqixszzvcyzsl.exe .'
- [<HKLM>\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run] 'yinnv' = 'yytjhfvqigqtscbfbxfmt.exe'
- [<HKLM>\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\RunOnce] 'juabkt' = 'wunbxthaqmuvsaxztnt.exe .'
- [<HKLM>\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run] 'wiprbln' = 'cypbvpbsgagfagbbt.exe'
- [<HKLM>\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run] 'wiprbln' = 'yytjhfvqigqtscbfbxfmt.exe'
- [<HKCU>\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] 'lygjufiq' = 'cypbvpbsgagfagbbt.exe'
- [<HKCU>\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce] 'cqzdpbfou' = 'cypbvpbsgagfagbbt.exe .'
- [<HKCU>\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce] 'cqzdpbfou' = 'vqgrkdoerkpnhmgf.exe .'
- [<HKLM>\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run] 'qgrxlzfqymm' = '%TEMP%\yytjhfvqigqtscbfbxfmt.exe'
- [<HKLM>\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run] 'pycb' = '%TEMP%\cypbvpbsgagfagbbt.exe'
- [<HKCU>\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] 'yinnv' = '%TEMP%\wunbxthaqmuvsaxztnt.exe'
- [<HKLM>\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run] 'yinnv' = 'lianidqixszzvcyzsl.exe'
- [<HKLM>\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run] 'wiprbln' = 'wunbxthaqmuvsaxztnt.exe'
- [<HKLM>\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run] 'qgrxlzfqymm' = '%TEMP%\wunbxthaqmuvsaxztnt.exe'
- [<HKLM>\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run] 'pycb' = '%TEMP%\wunbxthaqmuvsaxztnt.exe'
- [<HKCU>\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce] 'juabkt' = '%TEMP%\lianidqixszzvcyzsl.exe .'
- [<HKLM>\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\RunOnce] 'juabkt' = 'cypbvpbsgagfagbbt.exe .'
- [<HKCU>\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] 'lygjufiq' = 'yytjhfvqigqtscbfbxfmt.exe'
- [<HKLM>\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\RunOnce] 'vkuzmzeovi' = '%TEMP%\vqgrkdoerkpnhmgf.exe .'
- [<HKLM>\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run] 'pycb' = '%TEMP%\yytjhfvqigqtscbfbxfmt.exe'
- [<HKCU>\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce] 'juabkt' = '%TEMP%\jicrolaulirtraybwrye.exe .'
- [<HKCU>\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce] 'juabkt' = '%TEMP%\wunbxthaqmuvsaxztnt.exe .'
- [<HKLM>\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run] 'pycb' = '%TEMP%\lianidqixszzvcyzsl.exe'
- [<HKCU>\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] 'lygjufiq' = 'lianidqixszzvcyzsl.exe'
- [<HKCU>\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] 'yinnv' = '%TEMP%\jicrolaulirtraybwrye.exe'
- [<HKCU>\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce] 'juabkt' = '%TEMP%\yytjhfvqigqtscbfbxfmt.exe .'
- [<HKCU>\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] 'yinnv' = '%TEMP%\lianidqixszzvcyzsl.exe'
- [<HKLM>\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run] 'yinnv' = 'cypbvpbsgagfagbbt.exe'
- [<HKLM>\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\RunOnce] 'juabkt' = 'lianidqixszzvcyzsl.exe .'
- [<HKLM>\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run] 'wiprbln' = 'vqgrkdoerkpnhmgf.exe'
- [<HKCU>\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] 'lygjufiq' = 'jicrolaulirtraybwrye.exe'
- [<HKCU>\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce] 'cqzdpbfou' = 'wunbxthaqmuvsaxztnt.exe .'
- [<HKLM>\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run] 'qgrxlzfqymm' = '%TEMP%\jicrolaulirtraybwrye.exe'
- [<HKLM>\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\RunOnce] 'vkuzmzeovi' = '%TEMP%\wunbxthaqmuvsaxztnt.exe .'
- [<HKLM>\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run] 'pycb' = '%TEMP%\jicrolaulirtraybwrye.exe'
- [<HKCU>\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] 'yinnv' = '%TEMP%\cypbvpbsgagfagbbt.exe'
- [<HKCU>\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce] 'juabkt' = '%TEMP%\cypbvpbsgagfagbbt.exe .'
- [<HKLM>\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run] 'yinnv' = 'jicrolaulirtraybwrye.exe'
- [<HKLM>\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\RunOnce] 'juabkt' = 'vqgrkdoerkpnhmgf.exe .'
- [<HKLM>\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run] 'wiprbln' = 'jicrolaulirtraybwrye.exe'
- [<HKCU>\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] 'lygjufiq' = 'vqgrkdoerkpnhmgf.exe'
- [<HKLM>\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run] 'qgrxlzfqymm' = '%TEMP%\lianidqixszzvcyzsl.exe'
- [<HKLM>\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\RunOnce] 'vkuzmzeovi' = '%TEMP%\cypbvpbsgagfagbbt.exe .'
- [<HKCU>\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] 'lygjufiq' = 'wunbxthaqmuvsaxztnt.exe'
- [<HKCU>\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce] 'cqzdpbfou' = 'jicrolaulirtraybwrye.exe .'
- [<HKLM>\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run] 'qgrxlzfqymm' = '%TEMP%\cypbvpbsgagfagbbt.exe'
- [<HKCU>\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] 'yinnv' = '%TEMP%\yytjhfvqigqtscbfbxfmt.exe'
- [<HKLM>\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\RunOnce] 'vkuzmzeovi' = '%TEMP%\jicrolaulirtraybwrye.exe .'
- [<HKCU>\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce] 'juabkt' = '%TEMP%\vqgrkdoerkpnhmgf.exe .'
- [<HKLM>\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run] 'pycb' = '%TEMP%\vqgrkdoerkpnhmgf.exe'
- [<HKLM>\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run] 'yinnv' = 'vqgrkdoerkpnhmgf.exe'
- [<HKLM>\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\RunOnce] 'juabkt' = 'jicrolaulirtraybwrye.exe .'
- [<HKLM>\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run] 'wiprbln' = 'lianidqixszzvcyzsl.exe'
- [<HKLM>\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\RunOnce] 'vkuzmzeovi' = '%TEMP%\yytjhfvqigqtscbfbxfmt.exe .'
- hidden files
- Registry Editor (RegEdit)
- User Account Control (UAC)
  (The heading for these three items is missing from this extract; the report does not show what was done to these Windows features — confirm against the full sandbox trace before treating them as behaviour indicators.)
- %TEMP%\yinnv.exe
- %WINDIR%\syswow64\iqtrxdbeekcnumtfjndshtbec.omp
- %ProgramFiles(x86)%\iqtrxdbeekcnumtfjndshtbec.omp
- %LOCALAPPDATA%\iqtrxdbeekcnumtfjndshtbec.omp
- %WINDIR%\iqtrxdbeekcnumtfjndshtbec.omp
- %TEMP%\iqtrxdbeekcnumtfjndshtbec.omp
- %WINDIR%\syswow64\nguduluitknjbewtixyyyvoclctcqbsvrjme.qfg
- %ProgramFiles(x86)%\nguduluitknjbewtixyyyvoclctcqbsvrjme.qfg
- %LOCALAPPDATA%\nguduluitknjbewtixyyyvoclctcqbsvrjme.qfg
- %WINDIR%\nguduluitknjbewtixyyyvoclctcqbsvrjme.qfg
- %TEMP%\nguduluitknjbewtixyyyvoclctcqbsvrjme.qfg
- %WINDIR%\syswow64\iqtrxdbeekcnumtfjndshtbec.omp
- %ProgramFiles(x86)%\iqtrxdbeekcnumtfjndshtbec.omp
- %LOCALAPPDATA%\iqtrxdbeekcnumtfjndshtbec.omp
- %WINDIR%\iqtrxdbeekcnumtfjndshtbec.omp
- %TEMP%\iqtrxdbeekcnumtfjndshtbec.omp
- %WINDIR%\syswow64\nguduluitknjbewtixyyyvoclctcqbsvrjme.qfg
- %ProgramFiles(x86)%\nguduluitknjbewtixyyyvoclctcqbsvrjme.qfg
- %LOCALAPPDATA%\nguduluitknjbewtixyyyvoclctcqbsvrjme.qfg
- %WINDIR%\nguduluitknjbewtixyyyvoclctcqbsvrjme.qfg
- %TEMP%\nguduluitknjbewtixyyyvoclctcqbsvrjme.qfg
- 'wh###smyip.com':80
- 'sh####ipaddress.com':80
- 'wh#####yipaddress.com':80
- 'eb##.com':80
- 'ze###etemo.info':80
- '<LOCALNET>.28.2':445
- '<LOCALNET>.28.2':139
- 'xk###hpyr.info':80
- http://www.wh###smyip.com/
- http://www.sh####ipaddress.com/
- http://wh#####yipaddress.com/
- http://www.eb##.com/
- http://ze###etemo.info/
- http://xk###hpyr.info/
- DNS ASK rt####mposjy.info
- DNS ASK tg##fz.net
- DNS ASK xk###hpyr.info
- DNS ASK dw##sqh.com
- DNS ASK os###wjhg.net
- DNS ASK ma####kawkws.com
- DNS ASK gc###un.info
- DNS ASK tq##vwl.com
- DNS ASK bm####ashfes.info
- DNS ASK lv###hhq.net
- DNS ASK lu###uvmbsp.com
- DNS ASK cc###gio.org
- DNS ASK fp###rogcv.info
- DNS ASK ow####tlkbju.info
- DNS ASK yi###oqccs.org
- DNS ASK mo####suueay.org
- DNS ASK qq###ormn.info
- DNS ASK yz####cqpjgn.info
- DNS ASK sr###cxkhk.info
- DNS ASK lu##ae.info
- DNS ASK ma####adpqm.info
- DNS ASK wl###lqm.net
- DNS ASK vv####qsreo.info
- DNS ASK sh####ipaddress.com
- DNS ASK wh#####yipaddress.com
- DNS ASK wh#####yip.everdot.org
- DNS ASK wh###smyip.ca
- DNS ASK eb##.com
- DNS ASK qs##vgx.net
- DNS ASK em###ugfr.net
- DNS ASK xi###iekr.info
- DNS ASK wh###smyip.com
- DNS ASK cg##uj.net
- DNS ASK ie###yuwum.org
- DNS ASK hm###ucnuij.org
- DNS ASK qs####mcyumy.com
- DNS ASK cn##yj.net
- DNS ASK tk##rz.info
- DNS ASK ok###iwque.org
- DNS ASK ly###il.info
- DNS ASK aj##jw.info
- DNS ASK ze###etemo.info
- 'localhost':54170
- 'localhost':62321
- '%TEMP%\yinnv.exe' "-"