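Technical Information
Note: '#' is not a valid host name character, so the '#' runs in the domains below are masking in this listing rather than part of the names. The masked entries cannot be used as-is for blocking or detection; the full names have to come from the original analysis.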
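- [<HKLM>\System\CurrentControlSet\Services\Performance COM+ Acquisition Group DHCP] 'Start' = '00000002' (service start type 2: the service is started automatically at boot, so the binary in 'ImagePath' persists across restarts)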
- [<HKLM>\System\CurrentControlSet\Services\Performance COM+ Acquisition Group DHCP] 'ImagePath' = 'C:\kclhdrd\vuamobim.exe'
- 'Performance COM+ Acquisition Group DHCP' C:\kclhdrd\vuamobim.exe
- %WINDIR%\kclhdrd\tt3zawnn
- C:\kclhdrd\tt3zawnn
- C:\kclhdrd\g1dtjfygpgtj7wtgkw.exe
- C:\kclhdrd\vuamobim.exe
- C:\kclhdrd\lfoncuvl.exe
- C:\kclhdrd\vuamobim.exe
- C:\kclhdrd\lfoncuvl.exe
- %WINDIR%\kclhdrd\tt3zawnn
- C:\kclhdrd\g1dtjfygpgtj7wtgkw.exe
- %WINDIR%\kclhdrd\tt3zawnn
- 'he###napple.net':80
- 'an####dinner.net':80
- http://he###napple.net/index.php
- http://an####dinner.net/index.php
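(Where the ending is visible, the DNS queries below end in one of a small set of English words (father, measure, circle, afraid, dinner, carry, built, apple) under .net. This would be consistent with algorithmically generated names, so the list is better read as a sample of a pattern than as a complete set.)
- DNS ASK de####father.net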
- DNS ASK an####measure.net
- DNS ASK fo####dcircle.net
- DNS ASK de####circle.net
- DNS ASK fo####dafraid.net
- DNS ASK de####afraid.net
- DNS ASK fo####ddinner.net
- DNS ASK de####dinner.net
- DNS ASK fo####dmeasure.net
- DNS ASK de####measure.net
- DNS ASK gl####easure.net
- DNS ASK re###ncarry.net
- DNS ASK re###nbuilt.net
- DNS ASK va####sbuilt.net
- DNS ASK re###napple.net
- DNS ASK va####sapple.net
- DNS ASK re####father.net
- DNS ASK va####sfather.net
- DNS ASK ge###ecarry.net
- DNS ASK ge###ebuilt.net
- DNS ASK ge###eapple.net
- DNS ASK va####scarry.net
- DNS ASK di####ultcircle.net
- DNS ASK re####emeasure.net
- DNS ASK an####afraid.net
- DNS ASK or####easure.net
- DNS ASK ne####arycircle.net
- DNS ASK pl####ntcircle.net
- DNS ASK ne####aryafraid.net
- DNS ASK pl####ntafraid.net
- DNS ASK ne####arydinner.net
- DNS ASK pl####ntdinner.net
- DNS ASK ne#####rymeasure.net
- DNS ASK pl####ntmeasure.net
- DNS ASK ge####father.net
- DNS ASK he###circle.net
- DNS ASK he###afraid.net
- DNS ASK di####ultafraid.net
- DNS ASK he###dinner.net
- DNS ASK di####ultdinner.net
- DNS ASK he####easure.net
- DNS ASK di#####ltmeasure.net
- DNS ASK gl###circle.net
- DNS ASK an####circle.net
- DNS ASK gl###afraid.net
- DNS ASK an####dinner.net
- DNS ASK gl###dinner.net
- DNS ASK he###ncarry.net
- DNS ASK he###carry.net
- DNS ASK di####ultbuilt.net
- DNS ASK he###apple.net
- DNS ASK di####ultapple.net
- DNS ASK he###father.net
- DNS ASK di####ultfather.net
- DNS ASK gl###carry.net
- DNS ASK an###rcarry.net
- DNS ASK gl###built.net
- DNS ASK an###rbuilt.net
- DNS ASK he###built.net
- DNS ASK gl###apple.net
- DNS ASK gl###father.net
- DNS ASK an####father.net
- DNS ASK fo####dcarry.net
- DNS ASK de###ecarry.net
- DNS ASK fo####dbuilt.net
- DNS ASK de###ebuilt.net
- DNS ASK fo####dapple.net
- DNS ASK de###eapple.net
- DNS ASK fo####dfather.net
- DNS ASK an###rapple.net
- DNS ASK or###apple.net
- DNS ASK he###nbuilt.net
- DNS ASK pl####ntfather.net
- DNS ASK le###rbuilt.net
- DNS ASK he###napple.net
- DNS ASK le###rapple.net
- DNS ASK he####father.net
- DNS ASK le####father.net
- DNS ASK re####ecarry.net
- DNS ASK or###carry.net
- DNS ASK re####ebuilt.net
- DNS ASK or###built.net
- DNS ASK le###rcarry.net
- DNS ASK re####eapple.net
- DNS ASK re####efather.net
- DNS ASK or###father.net
- DNS ASK ne####arycarry.net
- DNS ASK pl####ntcarry.net
- DNS ASK ne####arybuilt.net
- DNS ASK pl####ntbuilt.net
- DNS ASK ne####aryapple.net
- DNS ASK pl####ntapple.net
- DNS ASK ne####aryfather.net
- DNS ASK di####ultcarry.net
- DNS ASK or###dinner.net
- 'C:\kclhdrd\g1dtjfygpgtj7wtgkw.exe'
- 'C:\kclhdrd\vuamobim.exe'
- 'C:\kclhdrd\lfoncuvl.exe' "c:\kclhdrd\vuamobim.exe"