Technical Information
- [<HKLM>\System\CurrentControlSet\Services\eventlogaayk] 'Start' = '00000002'
- [<HKLM>\System\CurrentControlSet\Services\eventlogaayk] 'ImagePath' = '%ALLUSERSPROFILE%\Logs\nriczkdmr.exe'
- 'eventlogaayk' %ALLUSERSPROFILE%\Logs\nriczkdmr.exe
- %WINDIR%\syswow64\svchost.exe
- %ALLUSERSPROFILE%\logs\nriczkdmr.exe
- '45.##.229.148':80
- 'if##nfig.me':80
- http://if##nfig.me//
- http://45.##.229.148/gda6fcbeylw2jgkfmieecbacvmy4p.php
- DNS ASK if##nfig.me
- '%WINDIR%\syswow64\svchost.exe' -k netsvcs
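The indicators above turned into detection logic, added here as an example and not part of the report or of any sandbox vendor's tooling. The '#' characters are the report's own redaction of the C2 address and of the IP-lookup domain; the matcher keeps them and treats each run of '#' as a wildcard rather than guessing the hidden characters. Service name, dropped-file path, URI and port are used verbatim. The event lines are constructed, Sysmon-style (event 13 registry value set, 22 DNS query, 3 network connect, 1 process create, plus one proxy-log line); the redacted octet and domain characters in them are obviously fake filler, and the parent-process relationship in the svchost line is an assumption used to illustrate a general heuristic (svchost.exe is normally started by services.exe), not something the report states.

```python
import re
from typing import Dict, List

# Indicators taken from the report. '#' is the report's redaction and is
# kept as-is; masked_to_regex() turns each run of '#' into a wildcard.
IOC_SERVICE_NAME = "eventlogaayk"
IOC_IMAGE_SUFFIX = r"\Logs\nriczkdmr.exe"   # tail of %ALLUSERSPROFILE%\Logs\nriczkdmr.exe
IOC_C2_IP = "45.##.229.148"
IOC_LOOKUP_DOMAIN = "if##nfig.me"
IOC_C2_URI = "/gda6fcbeylw2jgkfmieecbacvmy4p.php"


def masked_to_regex(ioc: str) -> "re.Pattern[str]":
    """Build a case-insensitive regex from a redacted indicator.

    Literal characters are escaped; each run of '#' becomes [0-9A-Za-z]+
    because the report does not guarantee that the number of '#' equals the
    number of hidden characters (an IPv4 octet may be 1 to 3 digits).
    The lookarounds stop '45.x.229.148' from matching inside '145.x.229.1480'.
    """
    body = "".join(
        "[0-9A-Za-z]+" if chunk.startswith("#") else re.escape(chunk)
        for chunk in re.findall(r"#+|[^#]+", ioc)
    )
    return re.compile(r"(?<![0-9A-Za-z])" + body + r"(?![0-9A-Za-z])", re.IGNORECASE)


C2_IP_RE = masked_to_regex(IOC_C2_IP)
LOOKUP_DOMAIN_RE = masked_to_regex(IOC_LOOKUP_DOMAIN)
SERVICE_KEY_RE = re.compile(
    r"\\Services\\" + re.escape(IOC_SERVICE_NAME) + r"(\\|$)", re.IGNORECASE)
FIELD_RE = re.compile(r'(\w+)=("[^"]*"|\S+)')


def parse_line(line: str) -> Dict[str, str]:
    """Parse a flat 'Key=Value Key="Value with spaces"' event line into a dict."""
    return {k: v.strip('"') for k, v in FIELD_RE.findall(line)}


def match_rules(fields: Dict[str, str]) -> List[str]:
    """Return the names of every rule that fires on one parsed event."""
    hits: List[str] = []
    eid = fields.get("EventID")
    values = list(fields.values())
    # Persistence: any write under the bogus 'eventlogaayk' service key
    # (the report shows ImagePath and Start=2, i.e. SERVICE_AUTO_START).
    if eid == "13" and SERVICE_KEY_RE.search(fields.get("TargetObject", "")):
        hits.append("service_key_write")
    # Dropped binary referenced as image, parent, or registry data.
    if any(v.lower().endswith(IOC_IMAGE_SUFFIX.lower()) for v in values):
        hits.append("dropped_image")
    # C2 address in a connect event or a proxy URL (masked octet is a wildcard).
    if C2_IP_RE.search(fields.get("DestinationIp", "") + " " + fields.get("Url", "")):
        hits.append("c2_ip")
    # External-IP lookup service queried before check-in.
    if eid == "22" and LOOKUP_DOMAIN_RE.search(fields.get("QueryName", "")):
        hits.append("ip_lookup_domain")
    if any(IOC_C2_URI.lower() in v.lower() for v in values):
        hits.append("c2_uri")
    # Heuristic (assumption, not from the report): svchost.exe whose parent is
    # not services.exe is a common injection/hollowing target.
    image = fields.get("Image", "").lower()
    parent = fields.get("ParentImage", "").lower()
    if eid == "1" and image.endswith("\\svchost.exe") and not parent.endswith("\\services.exe"):
        hits.append("svchost_unexpected_parent")
    return hits


def scan(lines: List[str]) -> Dict[str, List[int]]:
    """Return {rule: [line indexes]} for every rule that fired over the log."""
    report: Dict[str, List[int]] = {}
    for idx, line in enumerate(lines):
        for rule in match_rules(parse_line(line)):
            report.setdefault(rule, []).append(idx)
    return report


# Constructed sample events, NOT from the report. The characters the report
# redacts are filled with obviously fake values ("1", "xx") purely so the
# wildcard matcher has something to hit; 192.0.2.10 is a documentation address.
CONSTRUCTED_LOGS = [
    r'EventID=13 Image=C:\Windows\System32\services.exe TargetObject=HKLM\System\CurrentControlSet\Services\eventlogaayk\ImagePath Details=C:\ProgramData\Logs\nriczkdmr.exe',
    r'EventID=13 Image=C:\Windows\System32\services.exe TargetObject=HKLM\System\CurrentControlSet\Services\eventlogaayk\Start Details="DWORD (0x00000002)"',
    r'EventID=22 Image=C:\ProgramData\Logs\nriczkdmr.exe QueryName=ifxxnfig.me QueryStatus=0',
    r'EventID=3 Image=C:\ProgramData\Logs\nriczkdmr.exe DestinationIp=45.1.229.148 DestinationPort=80 Protocol=tcp',
    r'EventID=1 Image=C:\Windows\SysWOW64\svchost.exe CommandLine="C:\Windows\SysWOW64\svchost.exe -k netsvcs" ParentImage=C:\ProgramData\Logs\nriczkdmr.exe',
    r'EventID=3 Image=C:\Windows\System32\svchost.exe DestinationIp=192.0.2.10 DestinationPort=443 Protocol=tcp',
    r'EventID=1 Image=C:\Windows\System32\svchost.exe CommandLine="C:\Windows\System32\svchost.exe -k netsvcs" ParentImage=C:\Windows\System32\services.exe',
    r'EventID=proxy ClientIp=10.0.0.5 Url=http://45.1.229.148/gda6fcbeylw2jgkfmieecbacvmy4p.php Status=200',
]

if __name__ == "__main__":
    for rule, idxs in scan(CONSTRUCTED_LOGS).items():
        print(f"{rule}: lines {idxs}")
```

The suffix match on `\Logs\nriczkdmr.exe` is deliberate: the report gives the path with `%ALLUSERSPROFILE%` unexpanded, while real telemetry shows it expanded (normally `C:\ProgramData`), so matching the tail avoids depending on the drive letter or profile root. Widen the wildcard for the masked octet to digits only if you have the unredacted address; until then the `[0-9A-Za-z]+` run will also match hostnames that happen to share the visible characters, so treat `c2_ip` hits as leads, not confirmation.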