Technical Information
- Autorun (persistence) registry value: [<HKLM>\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] 'irakikof' = '"%WINDIR%\etih\yfobihom.exe"'
- %WINDIR%\syswow64\attrib.exe
- <SYSTEM32>\dwm.exe
- <SYSTEM32>\taskhost.exe
- %WINDIR%\syswow64\explorer.exe
- iexplore.exe
- firefox.exe
- %PROGRAMDATA%\imebuwal\ujmsidul.dat
- %PROGRAMDATA%\sun\ujmsidul.bkp
- %PROGRAMDATA%\imebuwal\xculixot.dat
- %PROGRAMDATA%\imebuwal\itawajok.dat
- %WINDIR%\etih\yfobihom.exe (the same executable path that the Run-key value 'irakikof' above points to)
- http://google.com/
- http://www.google.com/
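- DNS ASK bb###update.ru (the '#' characters are not valid in a hostname, so part of this domain is masked in the report; it cannot be used verbatim as a blocklist or detection entry)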
- DNS ASK google.com
- ClassName: 'shell_traywnd' WindowName: ''
- '%WINDIR%\syswow64\attrib.exe' (with hidden window)
- '%WINDIR%\syswow64\explorer.exe' (with hidden window)
- '%WINDIR%\syswow64\attrib.exe'
- '%WINDIR%\syswow64\explorer.exe'