Technical Information
- [<HKLM>\System\CurrentControlSet\Services\SensrSvcczks] 'Start' = '00000002'
- [<HKLM>\System\CurrentControlSet\Services\SensrSvcczks] 'ImagePath' = '%ALLUSERSPROFILE%\Logs\qientuk.exe'
- 'SensrSvcczks' %ALLUSERSPROFILE%\Logs\qientuk.exe
- %WINDIR%\syswow64\svchost.exe
- %ALLUSERSPROFILE%\logs\qientuk.exe
- '45.##.229.148':80
- 'if##nfig.me':80
- http://if##nfig.me//
- http://45.##.229.148/qk3pspi7x2k12l9zmiymymigx5pz6.php
- DNS ASK if##nfig.me
- '%WINDIR%\syswow64\svchost.exe' -k netsvcs