Technical Information
- [<HKCU>\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] 'qckrumxqmoueib' = '%APPDATA%\uxaodfscne\mhaw.exe "%TEMP%\yjehnq.exe" %TEMP%\�'
- yjehnq.exe
- %TEMP%\nsxbf0b.tmp
- %TEMP%\izjxlzldbb.di
- %TEMP%\cmkhlgxunoo.ag
- %TEMP%\yjehnq.exe
- %APPDATA%\uxaodfscne\mhaw.exe
- '89.#7.99.49':5888
- 'ge###ugin.net':80
- http://ge###ugin.net/json.gp
- '89.#7.99.49':5888
- DNS ASK ge###ugin.net
- '%TEMP%\yjehnq.exe' %TEMP%\cmkhlgxunoo.ag
- '%TEMP%\yjehnq.exe'