Technical Information
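- Autorun registry value (per-user Run key, so the referenced executable is launched at each logon of that user): [<HKCU>\Software\Microsoft\Windows\CurrentVersion\Run] 'kisuugnosat' = '%APPDATA%\Ydud\ximo.exe'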
- <SYSTEM32>\msiexec.exe
- opera.exe
- %HOMEPATH%\Local Settings\<INETFILES>\Content.IE5\KHMHGZ4F\stats[1].htm
- %APPDATA%\Xoop\ysudf.ale
- %APPDATA%\Ydud\ximo.exe
- <Full path to file>
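- Network endpoints (host:port). The '#' characters appear to mask part of each address in the source report, so these values cannot be used as exact-match indicators as written:
- 'jx#####lccckkrrb.com':80
- 'jx#####lccckkrrb.com':443
- '13#.#42.190.39':80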
- http://jx#####lccckkrrb.com/update_64a.php
- http://13#.#42.190.39/stats.php
- DNS ASK jx#####lccckkrrb.com
- '<SYSTEM32>\msiexec.exe'