Technical Information (observed artifacts: autorun and Winlogon persistence entries, dropped files, network requests, window titles)
- [<HKCU>\software\microsoft\windows\currentversion\run] 'HcMEsEIo.exe' = '%HOMEPATH%\MgIAkAYo\HcMEsEIo.exe'
- [<HKLM>\software\Wow6432Node\microsoft\windows\currentversion\run] 'WqIcwYww.exe' = '%ALLUSERSPROFILE%\OAMIoUIM\WqIcwYww.exe'
- [<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon] 'Userinit' = '<SYSTEM32>\userinit.exe,%ALLUSERSPROFILE%\OAMIoUIM\WqIcwYww.exe,'
- [<HKLM>\SOFTWARE\Wow6432Node\Microsoft\Windows NT\CurrentVersion\Winlogon] 'Userinit' = 'userinit.exe,%ALLUSERSPROFILE%\OAMIoUIM\WqIcwYww.exe,'
- %HOMEPATH%\mgiakayo\hcmeseio
- %ALLUSERSPROFILE%\oamiouim\wqicwyww
- %HOMEPATH%\mgiakayo\hcmeseio.exe
- %ALLUSERSPROFILE%\oamiouim\wqicwyww.exe
- http://google.com/
- DNS ASK bl##k.io
- DNS ASK google.com
- ClassName: '' WindowName: 'WqIcwYww.exe'
- ClassName: '' WindowName: 'Microsoft Windows'
- '%HOMEPATH%\mgiakayo\hcmeseio.exe'
- '%ALLUSERSPROFILE%\oamiouim\wqicwyww.exe'