Technical Information
- %WINDIR%\tasks\cugqcm.job
- <SYSTEM32>\tasks\cugqcm
- %WINDIR%\tasks\fkigeuskcgwcmwinfjb.job
- <SYSTEM32>\tasks\fkigeuskcgwcmwinfjb
- %PROGRAMDATA%\hjlmo\cugqcm.exe
- %WINDIR%\temp\xusq.exe
- %WINDIR%\tasks\cugqcm.job
- %WINDIR%\tasks\fkigeuskcgwcmwinfjb.job
- <SYSTEM32>\tasks\fkigeuskcgwcmwinfjb
- %PROGRAMDATA%\hjlmo\cugqcm.exe
- <SYSTEM32>\tasks\cugqcm
- http://wc#####xmail19mn.xyz/socks111.exe
- DNS ASK ad###og179.xyz
- DNS ASK wc#####xmail19mn.xyz
- '%PROGRAMDATA%\hjlmo\cugqcm.exe' start
- '%WINDIR%\temp\xusq.exe'
- '%PROGRAMDATA%\hjlmo\cugqcm.exe' start (with hidden window)
- '%WINDIR%\temp\xusq.exe' (with hidden window)
- '%PROGRAMDATA%\noljhf\njgm.exe' start (with hidden window)