Technical Information
- [<HKLM>\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] 'Transaction Service Initiator Tunneling' = '<SYSTEM32>\ktyhzqqh.exe' (autorun entry: programs listed under this Run key are launched at each user logon)
- [<HKLM>\SYSTEM\ControlSet001\Services\Interactive Location Hardware Distributed] 'Start' = '00000002' (service start type 2 = started automatically at system boot)
- Windows Security Center
- '<SYSTEM32>\zpemieznwh.exe' "<SYSTEM32>\ktyhzqqh.exe"
- '%WINDIR%\Temp\zcb6hjs37l0ecdl.exe' -r 45936 tcp
- '%TEMP%\zcb6hjs321tecdlnqdrnn.exe'
- '<SYSTEM32>\ktyhzqqh.exe'
- <SYSTEM32>\ugblzokojicjxhv\run
- <SYSTEM32>\ugblzokojicjxhv\rng
- %WINDIR%\Temp\zcb6hjs37l0ecdl.exe
- <SYSTEM32>\ugblzokojicjxhv\cfg
- <SYSTEM32>\zpemieznwh.exe
- %TEMP%\zcb6hjs321tecdlnqdrnn.exe
- <SYSTEM32>\ugblzokojicjxhv\tst
- <SYSTEM32>\ktyhzqqh.exe
- <SYSTEM32>\ugblzokojicjxhv\etc
- <SYSTEM32>\zpemieznwh.exe
- <SYSTEM32>\ktyhzqqh.exe
- %WINDIR%\Temp\zcb6hjs37l0ecdl.exe
- <DRIVERS>\etc\hosts
- %TEMP%\zcb6hjs321tecdlnqdrnn.exe
- 'yo###ine.net':80
- 'tr###nice.net':80
- 'tr###fine.net':80
- 'wa###reak.net':80
- 'ta###reak.net':80
- 'yo###ice.net':80
- 'yo####portant.net':80
- 'lr###fine.net':80
- 'tr####mportant.net':80
- 'tr###else.net':80
- 'yo###lse.net':80
- 'pi###break.net':80
- 'mu###reak.net':80
- 'mu###rove.net':80
- 'mu###ers.net':80
- 'pi###prove.net':80
- 'wa###lept.net':80
- 'wa###rove.net':80
- 'ta###rove.net':80
- 'ta###ers.net':80
- 'ta###lept.net':80
- 'wa###ers.net':80
- 'fi####portant.net':80
- 'se###fine.net':80
- 'pl####mportant.net':80
- 'pl###else.net':80
- 'fi###lse.net':80
- 'le###fine.net':80
- 'le###else.net':80
- 'se####mportant.net':80
- 'se###else.net':80
- 'se###nice.net':80
- 'le###nice.net':80
- 'lr###else.net':80
- 'vi###lse.net':80
- 'vi###ice.net':80
- 'vi###ine.net':80
- 'lr###nice.net':80
- 'lr####mportant.net':80
- 'pl###nice.net':80
- 'fi###ice.net':80
- 'fi###ine.net':80
- 'vi####portant.net':80
- 'pl###fine.net':80
- 'fi###rove.net':80
- 'pl###break.net':80
- 'pl###prove.net':80
- 'al###being.net':80
- 'ri###nstorm.net':80
- 'fi###reak.net':80
- 'le###hers.net':80
- 'se###prove.net':80
- 'se###hers.net':80
- 'se###slept.net':80
- 'le###slept.net':80
- 'cr#####onaraminta.net':80
- 'le###form.net':80
- 'jo####ymeasure.net':80
- 'ef###tbuilt.net':80
- 'th###while.net':80
- 'mo###ugust.net':80
- 'pr####tbottom.net':80
- 'ca####nbring.net':80
- 'mo###olor.net':80
- 'mi###hown.net':80
- 'ab###ell.net':80
- 've###ers.net':80
- 'we###rove.net':80
- 'we###ers.net':80
- 'we###lept.net':80
- 've###lept.net':80
- 've###rove.net':80
- 'mu###lept.net':80
- 'pi###hers.net':80
- 'pi###slept.net':80
- 'we###reak.net':80
- 've###reak.net':80
- 'to###lept.net':80
- 'fa###lept.net':80
- 'le###break.net':80
- 'le###prove.net':80
- 'se###break.net':80
- 'to###ers.net':80
- 'to###reak.net':80
- 'fa###reak.net':80
- 'fa###rove.net':80
- 'fa###ers.net':80
- 'to###rove.net':80
- http://yo###ine.net/index.php
- http://tr###nice.net/index.php
- http://tr###fine.net/index.php
- http://wa###reak.net/index.php
- http://ta###reak.net/index.php
- http://yo###ice.net/index.php
- http://yo####portant.net/index.php
- http://lr###fine.net/index.php
- http://tr####mportant.net/index.php
- http://tr###else.net/index.php
- http://yo###lse.net/index.php
- http://pi###break.net/index.php
- http://mu###reak.net/index.php
- http://mu###rove.net/index.php
- http://mu###ers.net/index.php
- http://pi###prove.net/index.php
- http://wa###lept.net/index.php
- http://wa###rove.net/index.php
- http://ta###rove.net/index.php
- http://ta###ers.net/index.php
- http://ta###lept.net/index.php
- http://wa###ers.net/index.php
- http://fi####portant.net/index.php
- http://se###fine.net/index.php
- http://pl####mportant.net/index.php
- http://pl###else.net/index.php
- http://fi###lse.net/index.php
- http://le###fine.net/index.php
- http://le###else.net/index.php
- http://se####mportant.net/index.php
- http://se###else.net/index.php
- http://se###nice.net/index.php
- http://le###nice.net/index.php
- http://lr###else.net/index.php
- http://vi###lse.net/index.php
- http://vi###ice.net/index.php
- http://vi###ine.net/index.php
- http://lr###nice.net/index.php
- http://lr####mportant.net/index.php
- http://pl###nice.net/index.php
- http://fi###ice.net/index.php
- http://fi###ine.net/index.php
- http://vi####portant.net/index.php
- http://pl###fine.net/index.php
- http://fi###rove.net/index.php
- http://pl###break.net/index.php
- http://pl###prove.net/index.php
- http://al###being.net/index.php
- http://ri###nstorm.net/index.php
- http://fi###reak.net/index.php
- http://le###hers.net/index.php
- http://se###prove.net/index.php
- http://se###hers.net/index.php
- http://se###slept.net/index.php
- http://le###slept.net/index.php
- http://cr#####onaraminta.net/index.php
- http://le###form.net/index.php
- http://jo####ymeasure.net/index.php
- http://ef###tbuilt.net/index.php
- http://th###while.net/index.php
- http://mo###ugust.net/index.php
- http://pr####tbottom.net/index.php
- http://ca####nbring.net/index.php
- http://mo###olor.net/index.php
- http://mi###hown.net/index.php
- http://ab###ell.net/index.php
- http://ve###ers.net/index.php
- http://we###rove.net/index.php
- http://we###ers.net/index.php
- http://we###lept.net/index.php
- http://ve###lept.net/index.php
- http://ve###rove.net/index.php
- http://mu###lept.net/index.php
- http://pi###hers.net/index.php
- http://pi###slept.net/index.php
- http://we###reak.net/index.php
- http://ve###reak.net/index.php
- http://to###lept.net/index.php
- http://fa###lept.net/index.php
- http://le###break.net/index.php
- http://le###prove.net/index.php
- http://se###break.net/index.php
- http://to###ers.net/index.php
- http://to###reak.net/index.php
- http://fa###reak.net/index.php
- http://fa###rove.net/index.php
- http://fa###ers.net/index.php
- http://to###rove.net/index.php
- DNS ASK yo###ine.net
- DNS ASK tr###nice.net
- DNS ASK tr###fine.net
- DNS ASK wa###reak.net
- DNS ASK ta###reak.net
- DNS ASK yo###ice.net
- DNS ASK yo####portant.net
- DNS ASK lr###fine.net
- DNS ASK tr####mportant.net
- DNS ASK tr###else.net
- DNS ASK yo###lse.net
- DNS ASK pi###break.net
- DNS ASK mu###reak.net
- DNS ASK mu###rove.net
- DNS ASK mu###ers.net
- DNS ASK pi###prove.net
- DNS ASK wa###lept.net
- DNS ASK wa###rove.net
- DNS ASK ta###rove.net
- DNS ASK ta###ers.net
- DNS ASK ta###lept.net
- DNS ASK wa###ers.net
- DNS ASK vi###ine.net
- DNS ASK se###fine.net
- DNS ASK le###fine.net
- DNS ASK fi####portant.net
- DNS ASK fi###lse.net
- DNS ASK pl####mportant.net
- DNS ASK se###nice.net
- DNS ASK se####mportant.net
- DNS ASK le####mportant.net
- DNS ASK le###else.net
- DNS ASK le###nice.net
- DNS ASK se###else.net
- DNS ASK vi###lse.net
- DNS ASK lr####mportant.net
- DNS ASK lr###else.net
- DNS ASK lr###nice.net
- DNS ASK vi###ice.net
- DNS ASK vi####portant.net
- DNS ASK fi###ice.net
- DNS ASK pl###else.net
- DNS ASK pl###nice.net
- DNS ASK pl###fine.net
- DNS ASK fi###ine.net
- DNS ASK fi###rove.net
- DNS ASK pl###break.net
- DNS ASK pl###prove.net
- DNS ASK al###being.net
- DNS ASK ri###nstorm.net
- DNS ASK fi###reak.net
- DNS ASK le###hers.net
- DNS ASK se###prove.net
- DNS ASK se###hers.net
- DNS ASK se###slept.net
- DNS ASK le###slept.net
- DNS ASK cr#####onaraminta.net
- DNS ASK le###form.net
- DNS ASK jo####ymeasure.net
- DNS ASK ef###tbuilt.net
- DNS ASK th###while.net
- DNS ASK mo###ugust.net
- DNS ASK pr####tbottom.net
- DNS ASK ca####nbring.net
- DNS ASK mo###olor.net
- DNS ASK mi###hown.net
- DNS ASK ab###ell.net
- DNS ASK ve###ers.net
- DNS ASK we###rove.net
- DNS ASK we###ers.net
- DNS ASK we###lept.net
- DNS ASK ve###lept.net
- DNS ASK ve###rove.net
- DNS ASK mu###lept.net
- DNS ASK pi###hers.net
- DNS ASK pi###slept.net
- DNS ASK we###reak.net
- DNS ASK ve###reak.net
- DNS ASK to###lept.net
- DNS ASK fa###lept.net
- DNS ASK le###break.net
- DNS ASK le###prove.net
- DNS ASK se###break.net
- DNS ASK to###ers.net
- DNS ASK to###reak.net
- DNS ASK fa###reak.net
- DNS ASK fa###rove.net
- DNS ASK fa###ers.net
- DNS ASK to###rove.net
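- '23#.#55.255.250':1900 (port 1900 is the SSDP/UPnP discovery port; the unmasked octets are consistent with the SSDP multicast address 239.255.255.250, so this entry is probably local network discovery traffic rather than a remote control server — the report itself does not confirm this)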