Technical Information
- [<HKLM>\System\CurrentControlSet\Services\Keying Acquisition Net.Tcp Windows] 'Start' = '00000002'
- [<HKLM>\System\CurrentControlSet\Services\Keying Acquisition Net.Tcp Windows] 'ImagePath' = 'C:\weeydzecgtmkjoi\uyvedmied.exe'
- 'Keying Acquisition Net.Tcp Windows' C:\weeydzecgtmkjoi\uyvedmied.exe
- %WINDIR%\weeydzecgtmkjoi\gqxrjtmhrd8p
- C:\weeydzecgtmkjoi\gqxrjtmhrd8p
- C:\weeydzecgtmkjoi\o1onaxbfedcsrppog.exe
- C:\weeydzecgtmkjoi\uyvedmied.exe
- C:\weeydzecgtmkjoi\obkxexpk.exe
- C:\weeydzecgtmkjoi\uyvedmied.exe
- C:\weeydzecgtmkjoi\obkxexpk.exe
- %WINDIR%\weeydzecgtmkjoi\gqxrjtmhrd8p
- C:\weeydzecgtmkjoi\o1onaxbfedcsrppog.exe
- %WINDIR%\weeydzecgtmkjoi\gqxrjtmhrd8p
- DNS ASK ge####enough.net
- DNS ASK he###govern.net
- DNS ASK ge####govern.net
- DNS ASK va####snature.net
- DNS ASK re####nature.net
- DNS ASK va####sneedle.net
- DNS ASK re####needle.net
- DNS ASK va####senough.net
- 'C:\weeydzecgtmkjoi\o1onaxbfedcsrppog.exe'
- 'C:\weeydzecgtmkjoi\uyvedmied.exe'
- 'C:\weeydzecgtmkjoi\obkxexpk.exe' "c:\weeydzecgtmkjoi\uyvedmied.exe"