Technical Information
To ensure autorun and distribution
Modifies the following registry keys
- [<HKCU>\Software\Microsoft\Windows NT\CurrentVersion\Windows] 'load' = '%TEMP%\Sysqempohhu.exe'
- [<HKCU>\Software\Microsoft\Windows NT\CurrentVersion\Windows] 'load' = '%TEMP%\Sysqemwlwij.exe'
- [<HKCU>\Software\Microsoft\Windows NT\CurrentVersion\Windows] 'load' = '%TEMP%\Sysqemveeaq.exe'
- [<HKCU>\Software\Microsoft\Windows NT\CurrentVersion\Windows] 'load' = '%TEMP%\Sysqemwhfbx.exe'
- [<HKCU>\Software\Microsoft\Windows NT\CurrentVersion\Windows] 'load' = '%TEMP%\Sysqembwmes.exe'
- [<HKCU>\Software\Microsoft\Windows NT\CurrentVersion\Windows] 'load' = '%TEMP%\Sysqemowmha.exe'
- [<HKCU>\Software\Microsoft\Windows NT\CurrentVersion\Windows] 'load' = '%TEMP%\Sysqemntack.exe'
- [<HKCU>\Software\Microsoft\Windows NT\CurrentVersion\Windows] 'load' = '%TEMP%\Sysqemllfnr.exe'
- [<HKCU>\Software\Microsoft\Windows NT\CurrentVersion\Windows] 'load' = '%TEMP%\Sysqemalovx.exe'
- [<HKCU>\Software\Microsoft\Windows NT\CurrentVersion\Windows] 'load' = '%TEMP%\Sysqemnldag.exe'
- [<HKCU>\Software\Microsoft\Windows NT\CurrentVersion\Windows] 'load' = '%TEMP%\Sysqemozovi.exe'
- [<HKCU>\Software\Microsoft\Windows NT\CurrentVersion\Windows] 'load' = '%TEMP%\Sysqemjhvwq.exe'
- [<HKCU>\Software\Microsoft\Windows NT\CurrentVersion\Windows] 'load' = '%TEMP%\Sysqemzsozf.exe'
- [<HKCU>\Software\Microsoft\Windows NT\CurrentVersion\Windows] 'load' = '%TEMP%\Sysqemvaxcu.exe'
- [<HKCU>\Software\Microsoft\Windows NT\CurrentVersion\Windows] 'load' = '%TEMP%\Sysqemezgar.exe'
- [<HKCU>\Software\Microsoft\Windows NT\CurrentVersion\Windows] 'load' = '%TEMP%\Sysqemtrmvs.exe'
- [<HKCU>\Software\Microsoft\Windows NT\CurrentVersion\Windows] 'load' = '%TEMP%\Sysqemsfwgi.exe'
- [<HKCU>\Software\Microsoft\Windows NT\CurrentVersion\Windows] 'load' = '%TEMP%\Sysqemrmsgb.exe'
- [<HKCU>\Software\Microsoft\Windows NT\CurrentVersion\Windows] 'load' = '%TEMP%\Sysqemermzw.exe'
- [<HKCU>\Software\Microsoft\Windows NT\CurrentVersion\Windows] 'load' = '%TEMP%\Sysqemsadjd.exe'
- [<HKCU>\Software\Microsoft\Windows NT\CurrentVersion\Windows] 'load' = '%TEMP%\Sysqemamsze.exe'
- [<HKCU>\Software\Microsoft\Windows NT\CurrentVersion\Windows] 'load' = '%TEMP%\Sysqemlvajy.exe'
- [<HKCU>\Software\Microsoft\Windows NT\CurrentVersion\Windows] 'load' = '%TEMP%\Sysqemoolbw.exe'
- [<HKCU>\Software\Microsoft\Windows NT\CurrentVersion\Windows] 'load' = '%TEMP%\Sysqemrxnrs.exe'
- [<HKCU>\Software\Microsoft\Windows NT\CurrentVersion\Windows] 'load' = '%TEMP%\Sysqemqtjuc.exe'
- [<HKCU>\Software\Microsoft\Windows NT\CurrentVersion\Windows] 'load' = '%TEMP%\Sysqemejsmw.exe'
- [<HKCU>\Software\Microsoft\Windows NT\CurrentVersion\Windows] 'load' = '%TEMP%\Sysqemzzghl.exe'
- [<HKCU>\Software\Microsoft\Windows NT\CurrentVersion\Windows] 'load' = '%TEMP%\Sysqemvsxdu.exe'
- [<HKCU>\Software\Microsoft\Windows NT\CurrentVersion\Windows] 'load' = '%TEMP%\Sysqemobytn.exe'
- [<HKCU>\Software\Microsoft\Windows NT\CurrentVersion\Windows] 'load' = '%TEMP%\Sysqemrontz.exe'
- [<HKCU>\Software\Microsoft\Windows NT\CurrentVersion\Windows] 'load' = '%TEMP%\Sysqemurnhb.exe'
- [<HKCU>\Software\Microsoft\Windows NT\CurrentVersion\Windows] 'load' = '%TEMP%\Sysqemwooyp.exe'
- [<HKCU>\Software\Microsoft\Windows NT\CurrentVersion\Windows] 'load' = '%TEMP%\Sysqemuhulr.exe'
- [<HKCU>\Software\Microsoft\Windows NT\CurrentVersion\Windows] 'load' = '%TEMP%\Sysqemotktw.exe'
- [<HKCU>\Software\Microsoft\Windows NT\CurrentVersion\Windows] 'load' = '%TEMP%\Sysqemhzhmr.exe'
- [<HKCU>\Software\Microsoft\Windows NT\CurrentVersion\Windows] 'load' = '%TEMP%\Sysqemmnzmw.exe'
- [<HKCU>\Software\Microsoft\Windows NT\CurrentVersion\Windows] 'load' = '%TEMP%\Sysqemhecpl.exe'
- [<HKCU>\Software\Microsoft\Windows NT\CurrentVersion\Windows] 'load' = '%TEMP%\Sysqemkfqvi.exe'
- [<HKCU>\Software\Microsoft\Windows NT\CurrentVersion\Windows] 'load' = '%TEMP%\Sysqemxqkbz.exe'
- [<HKCU>\Software\Microsoft\Windows NT\CurrentVersion\Windows] 'load' = '%TEMP%\Sysqemljbbm.exe'
- [<HKCU>\Software\Microsoft\Windows NT\CurrentVersion\Windows] 'load' = '%TEMP%\Sysqempzuhv.exe'
Modifies file system
Creates the following files
- %TEMP%\qpath.ini
- %TEMP%\sysqemermzw.exe
- %TEMP%\sysqemwlwij.exe
- %TEMP%\sysqemveeaq.exe
- %TEMP%\sysqemwhfbx.exe
- %TEMP%\sysqembwmes.exe
- %TEMP%\sysqemowmha.exe
- %TEMP%\sysqemntack.exe
- %TEMP%\sysqemllfnr.exe
- %TEMP%\sysqemnldag.exe
- %TEMP%\sysqemsadjd.exe
- %TEMP%\sysqemozovi.exe
- %TEMP%\sysqemjhvwq.exe
- %TEMP%\sysqemzsozf.exe
- %TEMP%\sysqemvaxcu.exe
- %TEMP%\sysqemezgar.exe
- %TEMP%\sysqemtrmvs.exe
- %TEMP%\sysqemsfwgi.exe
- %TEMP%\sysqemrmsgb.exe
- %TEMP%\sysqemamsze.exe
- %TEMP%\sysqemalovx.exe
- %TEMP%\sysqemljbbm.exe
- %TEMP%\sysqemobytn.exe
- %TEMP%\sysqamqqvaqqd.exe
- %TEMP%\sysqempohhu.exe
- %TEMP%\sysqemoolbw.exe
- %TEMP%\sysqemrxnrs.exe
- %TEMP%\sysqemqtjuc.exe
- %TEMP%\sysqemejsmw.exe
- %TEMP%\sysqemzzghl.exe
- %TEMP%\sysqemvsxdu.exe
- %TEMP%\sysqemrontz.exe
- %TEMP%\sysqemxqkbz.exe
- %TEMP%\sysqemurnhb.exe
- %TEMP%\sysqemwooyp.exe
- %TEMP%\sysqemuhulr.exe
- %TEMP%\sysqemotktw.exe
- %TEMP%\sysqemhzhmr.exe
- %TEMP%\sysqemmnzmw.exe
- %TEMP%\sysqemhecpl.exe
- %TEMP%\sysqemkfqvi.exe
- %TEMP%\sysqemlvajy.exe
- %TEMP%\sysqempzuhv.exe
Sets the 'hidden' attribute to the following files
- %TEMP%\sysqempohhu.exe
- %TEMP%\sysqemveeaq.exe
- %TEMP%\sysqemwhfbx.exe
- %TEMP%\sysqembwmes.exe
- %TEMP%\sysqemowmha.exe
- %TEMP%\sysqemntack.exe
- %TEMP%\sysqemllfnr.exe
- %TEMP%\sysqemalovx.exe
- %TEMP%\sysqemurnhb.exe
- %TEMP%\sysqemnldag.exe
- %TEMP%\sysqemjhvwq.exe
- %TEMP%\sysqemzsozf.exe
- %TEMP%\sysqemvaxcu.exe
- %TEMP%\sysqemezgar.exe
- %TEMP%\sysqemtrmvs.exe
- %TEMP%\sysqemsfwgi.exe
- %TEMP%\sysqemrmsgb.exe
- %TEMP%\sysqemermzw.exe
- %TEMP%\sysqemwlwij.exe
- %TEMP%\sysqemamsze.exe
- %TEMP%\sysqemljbbm.exe
- %TEMP%\sysqemlvajy.exe
- %TEMP%\sysqemoolbw.exe
- %TEMP%\sysqemrxnrs.exe
- %TEMP%\sysqemqtjuc.exe
- %TEMP%\sysqemejsmw.exe
- %TEMP%\sysqemzzghl.exe
- %TEMP%\sysqemvsxdu.exe
- %TEMP%\sysqemobytn.exe
- %TEMP%\sysqemsadjd.exe
- %TEMP%\sysqemozovi.exe
- %TEMP%\sysqemrontz.exe
- %TEMP%\sysqemuhulr.exe
- %TEMP%\sysqemotktw.exe
- %TEMP%\sysqemhzhmr.exe
- %TEMP%\sysqemmnzmw.exe
- %TEMP%\sysqemhecpl.exe
- %TEMP%\sysqemkfqvi.exe
- %TEMP%\sysqemxqkbz.exe
- %TEMP%\sysqamqqvaqqd.exe
- %TEMP%\sysqemwooyp.exe
- %TEMP%\sysqempzuhv.exe
Miscellaneous
Creates and executes the following
- '%TEMP%\sysqempohhu.exe'
- '%TEMP%\sysqemwlwij.exe'
- '%TEMP%\sysqemveeaq.exe'
- '%TEMP%\sysqemwhfbx.exe'
- '%TEMP%\sysqembwmes.exe'
- '%TEMP%\sysqemowmha.exe'
- '%TEMP%\sysqemntack.exe'
- '%TEMP%\sysqemllfnr.exe'
- '%TEMP%\sysqemalovx.exe'
- '%TEMP%\sysqemnldag.exe'
- '%TEMP%\sysqemozovi.exe'
- '%TEMP%\sysqemjhvwq.exe'
- '%TEMP%\sysqemzsozf.exe'
- '%TEMP%\sysqemvaxcu.exe'
- '%TEMP%\sysqemezgar.exe'
- '%TEMP%\sysqemtrmvs.exe'
- '%TEMP%\sysqemsfwgi.exe'
- '%TEMP%\sysqemrmsgb.exe'
- '%TEMP%\sysqemermzw.exe'
- '%TEMP%\sysqemsadjd.exe'
- '%TEMP%\sysqemamsze.exe'
- '%TEMP%\sysqemlvajy.exe'
- '%TEMP%\sysqemoolbw.exe'
- '%TEMP%\sysqemrxnrs.exe'
- '%TEMP%\sysqemqtjuc.exe'
- '%TEMP%\sysqemejsmw.exe'
- '%TEMP%\sysqemzzghl.exe'
- '%TEMP%\sysqemvsxdu.exe'
- '%TEMP%\sysqemobytn.exe'
- '%TEMP%\sysqemrontz.exe'
- '%TEMP%\sysqemurnhb.exe'
- '%TEMP%\sysqemwooyp.exe'
- '%TEMP%\sysqemuhulr.exe'
- '%TEMP%\sysqemotktw.exe'
- '%TEMP%\sysqemhzhmr.exe'
- '%TEMP%\sysqemmnzmw.exe'
- '%TEMP%\sysqemhecpl.exe'
- '%TEMP%\sysqemkfqvi.exe'
- '%TEMP%\sysqemxqkbz.exe'
- '%TEMP%\sysqemljbbm.exe'
- '%TEMP%\sysqempzuhv.exe'
