Technical Information
- [<HKLM>\System\CurrentControlSet\Services\Mpemim eaycpa] 'Start' = '00000002'
- [<HKLM>\System\CurrentControlSet\Services\Mpemim eaycpa] 'ImagePath' = '%WINDIR%\Temp\Kiaogxq.exe'
- %WINDIR%\temp\kiaogxq.exe
- %WINDIR%\syswow64\config\systemprofile\appdata\roaming\microsoft\windows\cookies\system@ys168[1].txt
- http://15#####344.ys168.com/
- DNS ASK sw####ex.ddns.net
- DNS ASK 15#####344.ys168.com
- '%WINDIR%\temp\kiaogxq.exe'