Technical Information
- [<HKCU>\Software\Microsoft\Windows\CurrentVersion\Run] 'kuqgyzytigji' = '%HOMEPATH%\kuqgyzytigji.exe'
- %APPDATA%\Microsoft\Protect\S-1-5-21-2052111302-484763869-725345543-1003\d46cb78e-ef8b-42fe-8b82-3cd2fa856cd1
- %APPDATA%\Microsoft\Protect\S-1-5-21-2052111302-484763869-725345543-1003\3a73beaa-dec4-449c-863a-cc7b120b96c5
- %APPDATA%\Microsoft\Protect\S-1-5-21-2052111302-484763869-725345543-1003\25ebd6ac-ab39-42fa-9845-7453df30c922
- %APPDATA%\Microsoft\Protect\S-1-5-21-2052111302-484763869-725345543-1003\4a947af3-2632-41b2-8976-0593fef0ebd8
- %APPDATA%\Microsoft\Protect\S-1-5-21-2052111302-484763869-725345543-1003\d8df81ee-ad10-4acb-b54b-d18463ff2a5f
- %APPDATA%\Microsoft\Crypto\RSA\S-1-5-21-2052111302-484763869-725345543-1003\ec702f375e1b12d218f67ab9ef19ca23_23ef5514-3059-436f-a4a7-4cefaab20eb1
- %APPDATA%\Microsoft\Protect\S-1-5-21-2052111302-484763869-725345543-1003\7911158f-c3d1-44b6-ad8f-1c5de4cd6cea
- %APPDATA%\Microsoft\Protect\S-1-5-21-2052111302-484763869-725345543-1003\3808bb82-87b3-4d04-bcfe-de3cbc21dad1
- %HOMEPATH%\kuqgyzytigji.exe
- %APPDATA%\Microsoft\Protect\S-1-5-21-2052111302-484763869-725345543-1003\2f11f409-a8ea-4311-a28a-41a9c2ef6dca
- %APPDATA%\Microsoft\Protect\S-1-5-21-2052111302-484763869-725345543-1003\Preferred
- %APPDATA%\Microsoft\Protect\S-1-5-21-2052111302-484763869-725345543-1003\3dd91168-5cbc-438e-98d4-04d487732e8d
- 'sm##.live.com':25
- DNS ASK co##tney.ca
- DNS ASK le###ridica.com
- DNS ASK ce####kalip.com.tr
- DNS ASK sa##s.net
- DNS ASK an###ervice.com
- DNS ASK ma###-man.com
- DNS ASK ga######onlinemagazine.com
- DNS ASK al######ive-aquitaine.co.uk
- DNS ASK fu###o-lab.com
- DNS ASK ac###ctory.net
- DNS ASK 4p##p.com
- DNS ASK we####llsstl.org
- DNS ASK su###le.co.jp
- DNS ASK se##door.pl
- DNS ASK ch####clothes.com
- DNS ASK is#####ltarim.com.tr
- DNS ASK sc####inpeach.com
- DNS ASK ur####aproject.com
- DNS ASK ch####supplies.net
- DNS ASK be#####rebusiness.org
- DNS ASK nu###ech.com
- DNS ASK te###ra.co.jp
- DNS ASK fi###ara.com
- DNS ASK ka###hal.com
- DNS ASK bo####ydesign.com
- DNS ASK db####onents.com
- DNS ASK or####networks.net
- DNS ASK au####ansurfing.at
- DNS ASK fr#####entauction.com
- DNS ASK li####ist-uk.com
- DNS ASK gr###web.net
- DNS ASK ph###type.com
- DNS ASK kv###atoff.ru
- DNS ASK ar#####turadigital.com
- DNS ASK ca#####citytuxedo.com
- DNS ASK co###rprint.nl
- DNS ASK ea####rmations.net
- DNS ASK et###les.com
- DNS ASK op###er.com.au
- DNS ASK bi##imex.pl
- DNS ASK bo#r.cz
- DNS ASK hi##ken.com
- DNS ASK en####odrigo.com.br
- DNS ASK d4###edia.com
- DNS ASK ix###ctor.com
- DNS ASK tv##ra.net
- DNS ASK th#####ldsongroup.com
- DNS ASK ct###rocess.org
- DNS ASK wl#.##uisiana.gov
- DNS ASK re###dhits.com
- DNS ASK bi#####ultimedia.com
- DNS ASK c2##du.com
- DNS ASK ha####ltimedia.com
- DNS ASK gu###man.com.br
- DNS ASK xi###group.com
- DNS ASK e-###rming.com
- DNS ASK dj###taro.com
- DNS ASK ke###eren.com
- DNS ASK so####oncorp.com
- DNS ASK sm##.#irectcon.net
- DNS ASK aj##.net
- DNS ASK sm##.###global.yahoo.com
- DNS ASK sm##.live.com
- DNS ASK sm##.#ail.yahoo.com
- DNS ASK ra######ckwarehouse.com.au
- DNS ASK ka####ka.vic.edu.au
- DNS ASK sa####connection.ca
- DNS ASK ma####grimes.co.uk
- DNS ASK sa###david.com
- DNS ASK ca####eonline.com
- DNS ASK ti###urkey.com
- DNS ASK ma####grp-spb.ru
- DNS ASK ro####how.com.au
- DNS ASK go####rk-moossee.ch
- DNS ASK ar###2aa.org
- DNS ASK mi###stga.com
- DNS ASK ad####ivechat.us
- DNS ASK sm##.#ompuserve.com
- DNS ASK mi###ech.net
- DNS ASK so#####rganizing.com
- DNS ASK re###echre.com
- DNS ASK ar##for.com
- DNS ASK sh###yspizza.ph
- DNS ASK to###nmeuse.com
- DNS ASK te##ole.com
- DNS ASK pa###ball.be
- DNS ASK ma##.#irmail.net
- DNS ASK eo##.net
- DNS ASK ru###eberg.com
- DNS ASK ey###oup.com
- DNS ASK ze###et.co.jp
- DNS ASK ma###chn.com
- DNS ASK to####sondesign.com
- ClassName: 'Indicator' WindowName: '(null)'