Technical Information
- [<HKLM>\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Run] 'tagorsia' = '%LOCALAPPDATA%\wiqthr.exe'
- [<HKCU>\Software\Microsoft\Windows\CurrentVersion\Run] 'tagorsia' = '%LOCALAPPDATA%\wiqthr.exe'
- %APPDATA%\microsoft\windows\start menu\programs\startup\tendm.exe
- [<HKLM>\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List] '%LOCALAPPDATA%\wiqthr.exe' = '%LOCALAPPDATA%\wiqthr.exe:*:Enabled:...
- %LOCALAPPDATA%\wiqthr.exe
- '17#.#1.62.76':2345
- '%LOCALAPPDATA%\wiqthr.exe'
- '%LOCALAPPDATA%\wiqthr.exe' (with hidden window)