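Technical Information
Note: the section headings of this report are not present on this page. The entries below are, in order: registry values under the Run keys and Winlogon 'Userinit' (both are read at logon, so the listed executables start with each user session), file and folder paths, a network destination on port 443 with its DNS query (the host name is partly masked with '#' in the source), and two quoted executable paths. The folder and file names look randomly generated and may differ between samples, so for detection it is more reliable to check for a 'Userinit' value that lists any executable besides userinit.exe, and for Run entries pointing into %ALLUSERSPROFILE% or %HOMEPATH% subfolders, than to match these exact names.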
- [<HKCU>\software\microsoft\windows\currentversion\run] 'WGUEYIMU.exe' = '%HOMEPATH%\yCcEUsgE\WGUEYIMU.exe'
- [<HKLM>\software\Wow6432Node\microsoft\windows\currentversion\run] 'HkcAIckg.exe' = '%ALLUSERSPROFILE%\sMAoggUI\HkcAIckg.exe'
- [<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon] 'Userinit' = '<SYSTEM32>\userinit.exe,%ALLUSERSPROFILE%\sMAoggUI\HkcAIckg.exe,'
- [<HKLM>\SOFTWARE\Wow6432Node\Microsoft\Windows NT\CurrentVersion\Winlogon] 'Userinit' = 'userinit.exe,%ALLUSERSPROFILE%\sMAoggUI\HkcAIckg.exe,'
- %HOMEPATH%\ycceusge\wgueyimu
- %ALLUSERSPROFILE%\smaoggui\hkcaickg
- %HOMEPATH%\ycceusge\wgueyimu.exe
- %ALLUSERSPROFILE%\smaoggui\hkcaickg.exe
- %WINDIR%\syswow64\config\systemprofile\ycceusge\wgueyimu
- <Current directory>\kmga.exe
- <Current directory>\seya.exe
- <Current directory>\nqyg.exe
- <Current directory>\vyoc.exe
- <Current directory>\bmmo.exe
- <Current directory>\kcgs.exe
- <Current directory>\bkuq.exe
- <Current directory>\dqyw.exe
- <Current directory>\zmwk.exe
- <Current directory>\kmga.exe
- <Current directory>\seya.exe
- <Current directory>\nqyg.exe
- <Current directory>\vyoc.exe
- <Current directory>\bmmo.exe
- <Current directory>\kcgs.exe
- <Current directory>\bkuq.exe
- <Current directory>\dqyw.exe
- <Current directory>\zmwk.exe
- 'bl##k.io':443
- DNS ASK bl##k.io
- '%ALLUSERSPROFILE%\smaoggui\hkcaickg.exe'
- '%HOMEPATH%\ycceusge\wgueyimu.exe'