Technical Information
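- [<HKCU>\software\microsoft\windows\currentversion\run] 'dQEIIcks.exe' = '%HOMEPATH%\oocMAoQU\dQEIIcks.exe' (per-user Run key: the listed executable is launched at each logon of that user; the file and folder names look randomly generated and may differ between infections, so confirm before using them as exact-match indicators)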
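- [<HKLM>\System\CurrentControlSet\Services\HMIYoEwb] 'Start' = '00000002' (start type 2: the service is started automatically at boot)
- [<HKLM>\System\CurrentControlSet\Services\HMIYoEwb] 'ImagePath' = '%ALLUSERSPROFILE%\yUkYsIoo\GMMckgkE.exe'
- 'HMIYoEwb' %ALLUSERSPROFILE%\yUkYsIoo\GMMckgkE.exe (service name and the executable it runs, matching the 'ImagePath' value above)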
- %HOMEPATH%\oocmaoqu\dqeiicks
- %ALLUSERSPROFILE%\eykiacks\gicyaeag
- %HOMEPATH%\oocmaoqu\dqeiicks.exe
- %ALLUSERSPROFILE%\yukysioo\gmmckgke.exe
- %ALLUSERSPROFILE%\loow.txt
- %WINDIR%\syswow64\config\systemprofile\oocmaoqu\dqeiicks
- <Current directory>\fmau.exe
- <Current directory>\fmau.exe
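- http://google.com/
- DNS ASK bl##k.io (the '##' is in the listing as published and appears to mask part of the name; the entry cannot be matched literally against DNS logs)
- DNS ASK google.com (google.com is a widely used legitimate domain; a request to it is not by itself an indicator of infection)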
- ClassName: '' WindowName: 'GicYAEAg.exe'
- ClassName: '' WindowName: 'Microsoft Windows'
- '%HOMEPATH%\oocmaoqu\dqeiicks.exe'
- '%ALLUSERSPROFILE%\yukysioo\gmmckgke.exe'