Technical Information
- [<HKCU>\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] 'SearchIndexere' = '\SearchIndexere\SearchIndexer.exe'
- [<HKCU>\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] 'SearchIndexere' = '%LOCALAPPDATA%\SearchIndexere\SearchIndexer.exe'
- quqyvatbckj.exe
- %TEMP%\jsqdhazn.exe
- %TEMP%\quqyvatbckj.exe
- %TEMP%\quqyvatbckj\quqyvatbckj.exe
- nul
- C:\searchindexere\searchindexer.exe
- %LOCALAPPDATA%\searchindexere\searchindexer.exe
- %APPDATA%\imminent\logs\13-10-2020
- %APPDATA%\imminent\path.dat
- %TEMP%\quqyvatbckj\quqyvatbckj.exe
- %TEMP%\quqyvatbckj.exe
- 'ch######ndubled.duckdns.org':9003
- DNS ASK ch######ndubled.duckdns.org
- '%TEMP%\jsqdhazn.exe'
- '%TEMP%\quqyvatbckj.exe'
- '%TEMP%\quqyvatbckj\quqyvatbckj.exe'
- '%WINDIR%\syswow64\cmd.exe' /C ping 1.1.1.1 -n 1 -w 1000 > Nul & Del "%TEMP%\Quqyvatbckj.exe" (with hidden window)
- '%WINDIR%\syswow64\taskmgr.exe' (with hidden window)
- '%WINDIR%\syswow64\cmd.exe' /C ping 1.1.1.1 -n 1 -w 1000 > Nul & Del "%TEMP%\Quqyvatbckj.exe"
- '%WINDIR%\syswow64\ping.exe' 1.1.1.1 -n 1 -w 1000
- '%WINDIR%\syswow64\taskmgr.exe'