Technical Information
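Autorun registry values that reference the executables listed below (in the Userinit values, the path appended after userinit.exe is the added entry):
- [<HKCU>\software\microsoft\windows\currentversion\run] 'fosMsEcE.exe' = '%HOMEPATH%\YCAsMEkA\fosMsEcE.exe'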
- [<HKLM>\software\Wow6432Node\microsoft\windows\currentversion\run] 'aQQQAsog.exe' = '%ALLUSERSPROFILE%\XogokcUY\aQQQAsog.exe'
- [<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon] 'Userinit' = '<SYSTEM32>\userinit.exe,%ALLUSERSPROFILE%\XogokcUY\aQQQAsog.exe,'
- [<HKLM>\SOFTWARE\Wow6432Node\Microsoft\Windows NT\CurrentVersion\Winlogon] 'Userinit' = 'userinit.exe,%ALLUSERSPROFILE%\XogokcUY\aQQQAsog.exe,'
- %HOMEPATH%\ycasmeka\fosmsece
- %ALLUSERSPROFILE%\xogokcuy\aqqqasog
- %HOMEPATH%\ycasmeka\fosmsece.exe
- %ALLUSERSPROFILE%\xogokcuy\aqqqasog.exe
- %WINDIR%\syswow64\config\systemprofile\ycasmeka\fosmsece
- <Current directory>\ducq.exe
- <Current directory>\hgam.exe
- <Current directory>\iwck.exe
- <Current directory>\rgkg.exe
- <Current directory>\maym.exe
- <Current directory>\pswa.exe
- <Current directory>\cmmg.exe
- <Current directory>\ducq.exe
- <Current directory>\hgam.exe
- <Current directory>\iwck.exe
- <Current directory>\rgkg.exe
- <Current directory>\maym.exe
- <Current directory>\pswa.exe
- <Current directory>\cmmg.exe
Network activity (the domain appears partially masked with '##' in this listing):
- 'bl##k.io':443
- DNS ASK bl##k.io
- '%ALLUSERSPROFILE%\xogokcuy\aqqqasog.exe'
- '%HOMEPATH%\ycasmeka\fosmsece.exe'