Technical Information
- [<HKCU>\Software\Microsoft\Windows\CurrentVersion\Run] 'Ybmat' = '%APPDATA%\Qeuto\udyloh.exe'
- %WINDIR%\syswow64\msiexec.exe
- %APPDATA%\qeuto\udyloh.exe
- %APPDATA%\ewylso\ekcaukti.cykia
- %TEMP%\owupi.tmp-shm
- %TEMP%\owupi.tmp-shm
- 'fq#####sywublocpheas.eu':443
- DNS ASK fq#####sywublocpheas.ru
- DNS ASK fq#####sywublocpheas.su
- DNS ASK fq#####sywublocpheas.eu
- '%WINDIR%\syswow64\cmd.exe' /c ipconfig /all (with hidden window)
- '%WINDIR%\syswow64\cmd.exe' /c net config workstation (with hidden window)
- '%WINDIR%\syswow64\cmd.exe' /c net view /all (with hidden window)
- '%WINDIR%\syswow64\msiexec.exe'
- '%WINDIR%\syswow64\cmd.exe' /c ipconfig /all
- '%WINDIR%\syswow64\ipconfig.exe' /all
- '%WINDIR%\syswow64\cmd.exe' /c net config workstation
- '%WINDIR%\syswow64\net.exe' config workstation
- '%WINDIR%\syswow64\net1.exe' config workstation
- '%WINDIR%\syswow64\cmd.exe' /c net view /all
- '%WINDIR%\syswow64\net.exe' view /all