Technical Information
Registry values set for autorun (Run keys and Winlogon 'Userinit'):
- [<HKCU>\software\microsoft\windows\currentversion\run] 'cqYAQgkc.exe' = '%HOMEPATH%\bcYwoQoQ\cqYAQgkc.exe'
- [<HKLM>\software\Wow6432Node\microsoft\windows\currentversion\run] 'dkoYMIoc.exe' = '%ALLUSERSPROFILE%\lKsYMoIg\dkoYMIoc.exe'
- [<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon] 'Userinit' = '<SYSTEM32>\userinit.exe,%ALLUSERSPROFILE%\lKsYMoIg\dkoYMIoc.exe,'
- [<HKLM>\SOFTWARE\Wow6432Node\Microsoft\Windows NT\CurrentVersion\Winlogon] 'Userinit' = 'userinit.exe,%ALLUSERSPROFILE%\lKsYMoIg\dkoYMIoc.exe,'
File system paths:
- %HOMEPATH%\bcywoqoq\cqyaqgkc
- %ALLUSERSPROFILE%\lksymoig\dkoymioc
- %HOMEPATH%\bcywoqoq\cqyaqgkc.exe
- %ALLUSERSPROFILE%\lksymoig\dkoymioc.exe
Network activity (domain partially masked with '##' in the source):
- 'bl##k.io':443
- DNS ASK bl##k.io
Executables referenced:
- '%ALLUSERSPROFILE%\lksymoig\dkoymioc.exe'
- '%HOMEPATH%\bcywoqoq\cqyaqgkc.exe'