Technical Information
- [<HKCU>\software\microsoft\windows\currentversion\run] 'YOYsYcsU.exe' = '%HOMEPATH%\iQQUQQoM\YOYsYcsU.exe' (per-user Run key: the listed executable is started at each logon of that user)
- [<HKLM>\System\CurrentControlSet\Services\qEAAAwby] 'Start' = '00000002' (start type 2 = automatic: the service is started at system boot)
- [<HKLM>\System\CurrentControlSet\Services\qEAAAwby] 'ImagePath' = '%ALLUSERSPROFILE%\bGYwokQI\RKQoMUsk.exe'
- 'qEAAAwby' %ALLUSERSPROFILE%\bGYwokQI\RKQoMUsk.exe
- %HOMEPATH%\iqquqqom\yoysycsu
- %ALLUSERSPROFILE%\dieiocqi\boggcaws
- %HOMEPATH%\iqquqqom\yoysycsu.exe
- %ALLUSERSPROFILE%\bgywokqi\rkqomusk.exe
- %WINDIR%\syswow64\config\systemprofile\iqquqqom\yoysycsu
- %ALLUSERSPROFILE%\hcwe.txt
- <Current directory>\fiaa.ico
- http://google.com/
- DNS ASK bl##k.io
- DNS ASK google.com
- ClassName: '' WindowName: 'bOggcAws.exe'
- ClassName: '' WindowName: 'Microsoft Windows'
- '%HOMEPATH%\iqquqqom\yoysycsu.exe'
- '%ALLUSERSPROFILE%\bgywokqi\rkqomusk.exe'