Technical Information
- [<HKLM>\System\CurrentControlSet\Services\Kbcstb Eevno] 'Start' = '00000002'
- [<HKLM>\System\CurrentControlSet\Services\Kbcstb Eevno] 'ImagePath' = '<SYSTEM32>\ycogcg.exe'
- 'Kbcstb Eevno' <SYSTEM32>\ycogcg.exe
- %WINDIR%\syswow64\ycogcg.exe
- 'ip.##inaz.com':80
- '<LOCALNET>.1.101':9981
- '<LOCALNET>.20.27':9981
- DNS ASK ip.##inaz.com
- '%WINDIR%\syswow64\ycogcg.exe'
- '%WINDIR%\syswow64\ycogcg.exe' Win7
- '%WINDIR%\syswow64\cmd.exe' /c del <Full path to file> > nul (with hidden window)
- '%WINDIR%\syswow64\cmd.exe' /c del <Full path to file> > nul