Technical Information
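- [<HKLM>\SYSTEM\ControlSet001\services\Device Power Logs Remote Connection] 'Start' = '00000002' (a service 'Start' value of 2 means the service is started automatically at boot, so this entry keeps the sample running across restarts)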
- 'C:\wcqcfnim\nbqopdd.exe' "c:\wcqcfnim\hyifduv.exe"
- 'C:\wcqcfnim\hyifduv.exe'
- 'C:\wcqcfnim\j1h8qi7oeqqo0fjd.exe'
- C:\wcqcfnim\hyifduv.exe
- C:\wcqcfnim\nbqopdd.exe
- C:\wcqcfnim\sejqxzubndlt
- %WINDIR%\wcqcfnim\iycfiqqroh
- C:\wcqcfnim\iycfiqqroh
- C:\wcqcfnim\j1h8qi7oeqqo0fjd.exe
- C:\wcqcfnim\nbqopdd.exe
- C:\wcqcfnim\hyifduv.exe
- C:\wcqcfnim\j1h8qi7oeqqo0fjd.exe
- %WINDIR%\wcqcfnim\iycfiqqroh
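- DNS ASK wi####success.net (the '#' characters here and in the DNS entries below appear to be masking applied by the publisher, so these names are partial and cannot be used as exact-match indicators)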
- DNS ASK su####spring.net
- DNS ASK su####success.net
- DNS ASK su####banker.net
- DNS ASK wi####banker.net
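- DNS ASK dn#.##ftncsi.com (this masked name fits the host that Windows itself queries for its network connectivity check (NCSI), so it is probably a connectivity test rather than attacker infrastructure; confirm before blocking it)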
- DNS ASK th###banker.net
- DNS ASK wi###nfound.net
- DNS ASK wi####spring.net
- DNS ASK su###rfound.net
- ClassName: 'Shell_TrayWnd' WindowName: '' ('Shell_TrayWnd' is the window class of the Windows taskbar)