Technical Information
- [<HKCU>\Software\Microsoft\Windows NT\CurrentVersion\Winlogon] 'Shell' = 'explorer.exe,"%APPDATA%\Oydswik\Gftyfvxyr.exe",'
- %WINDIR%\microsoft.net\framework\v4.0.30319\installutil.exe
- %APPDATA%\oydswik\gftyfvxyr.exe
- 'gi##ub.com':443
- 'ra#.####ubusercontent.com':443
- '87.##1.187.83':4457
- DNS ASK gi##ub.com
- DNS ASK ra#.####ubusercontent.com
- '%WINDIR%\syswow64\cmd.exe' /c timeout 32 (with hidden window)
- '%WINDIR%\syswow64\cmd.exe' /c timeout 32
- '%WINDIR%\syswow64\timeout.exe' 32
- '%WINDIR%\microsoft.net\framework\v4.0.30319\installutil.exe'