Technical Information
- [<HKLM>\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run] 'Kmomca asqgqsws' = '%ProgramFiles(x86)%\Microsoft Sbgxad\Uumeyiu.exe'
- %ProgramFiles(x86)%\microsoft sbgxad\uumeyiu.exe
- C:\5062.vbs
- %ProgramFiles(x86)%\microsoft sbgxad\uumeyiu.exe
- C:\5062.vbs
- DNS ASK ha##1433.ml
- '%ProgramFiles(x86)%\microsoft sbgxad\uumeyiu.exe'
- '%WINDIR%\syswow64\wscript.exe' "C:\5062.vbs"
- '%WINDIR%\syswow64\wscript.exe' "C:\5062.vbs" (with hidden window)