Technical Information
- [<HKLM>\SYSTEM\ControlSet001\Services\Epmram cumzow] 'Start' = '00000002'
- '%PROGRAM_FILES%\Windows Qeuofw\Qyaghuu.exe'
- 'C:\Kpbcoy.exe'
- '<SYSTEM32>\wscript.exe' "C:\9972.vbs"
- '<SYSTEM32>\wscript.exe' "C:\3795.vbs"
- %PROGRAM_FILES%\Windows Qeuofw\Qyaghuu.exe
- C:\9972.vbs
- C:\Kpbcoy.exe
- C:\3795.vbs
- C:\9972.vbs
- C:\Kpbcoy.exe
- C:\3795.vbs
- 'www.kx##00.com':1070
- DNS ASK www.kx##00.com