Technical Information
- [<HKCU>\software\microsoft\windows\currentversion\run] 'vMAQskEY.exe' = '%HOMEPATH%\xGsMwcYQ\vMAQskEY.exe' (per-user Run value: the listed executable is started each time that user logs on)
- [<HKLM>\System\CurrentControlSet\Services\cAMMEMSS] 'Start' = '00000002' (Start value 2 = the service is started automatically at boot)
- [<HKLM>\System\CurrentControlSet\Services\cAMMEMSS] 'ImagePath' = '%ALLUSERSPROFILE%\LUcckosc\lysYUgwc.exe'
- 'cAMMEMSS' %ALLUSERSPROFILE%\LUcckosc\lysYUgwc.exe
- %HOMEPATH%\xgsmwcyq\vmaqskey
- %ALLUSERSPROFILE%\jaaaimaq\hekgeycw
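- %HOMEPATH%\xgsmwcyq\vmaqskey.exe (same file as the Run value target listed above; the names differ only in letter case, so match these paths case-insensitively)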
- %ALLUSERSPROFILE%\lucckosc\lysyugwc.exe
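- %WINDIR%\syswow64\config\systemprofile\xgsmwcyq\vmaqskey (same relative path as the %HOMEPATH% entry above, here under the SYSTEM account's profile as seen by a 32-bit process; presumably written when the sample runs as the service, which this listing does not state)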
- %ALLUSERSPROFILE%\kgyo.txt
- <Current directory>\meuo.ico
- http://google.com/
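- DNS ASK bl##k.io ('#' is not valid in a host name, so the domain appears to be partially masked in this report; it cannot be used as an exact-match indicator as printed)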
- DNS ASK google.com
- ClassName: '' WindowName: 'hEkgEYcw.exe'
- ClassName: '' WindowName: 'Microsoft Windows'
- '%HOMEPATH%\xgsmwcyq\vmaqskey.exe'
- '%ALLUSERSPROFILE%\lucckosc\lysyugwc.exe'