Technical Information
- [<HKLM>\System\CurrentControlSet\Services\VaultSvcbyk] 'Start' = '00000002' (service start type 2: the service is started automatically at boot)
- [<HKLM>\System\CurrentControlSet\Services\VaultSvcbyk] 'ImagePath' = '%ALLUSERSPROFILE%\Logs\jriephqi.exe'
- 'VaultSvcbyk' %ALLUSERSPROFILE%\Logs\jriephqi.exe
- %WINDIR%\syswow64\svchost.exe
- %ALLUSERSPROFILE%\logs\jriephqi.exe
- %ALLUSERSPROFILE%\logs\jriephqi.exe
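- '45.##2.214.217':80 (the '##' characters here and in the entries below appear to be masking applied by the publisher, not part of the real address)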
- 'if##nfig.me':80
- http://if##nfig.me//
- http://45.##2.214.217/jutcvdxl274qj33kr2qkxlxlz6aumy6.php
- http://45.##2.214.217/yi5yoyq29r0mzbnz6q26q.php
- DNS query: if##nfig.me
- '%WINDIR%\syswow64\svchost.exe' -k netsvcs