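Technical Information

Note: the section headings of the original report are missing from this copy. The entries below appear in this order: registry values, a bare "Windows Security Center" entry whose heading (and so the action taken against it) is not stated, process command lines, file paths (whether each was created, modified or deleted is not stated), network endpoints as 'host':port, HTTP requests, and DNS queries. The three network lists cover largely the same hosts. Domain names and the final IP address are partially masked with '#', so they cannot be used as exact-match indicators as printed.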
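- [<HKLM>\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] 'Panel Video IKE Secure Resource Window' = '<SYSTEM32>\krzwvcqcpouh.exe' (a value under the HKLM Run key launches the named executable at every user logon)
- [<HKLM>\SYSTEM\ControlSet001\Services\Desktop BranchCache Font Shell] 'Start' = '00000002' (a service Start value of 2 means the service is started automatically at boot)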
- Windows Security Center
- '<SYSTEM32>\srllchqnpfmv.exe' "<SYSTEM32>\krzwvcqcpouh.exe"
- '%WINDIR%\Temp\jjjyegs3l9nxhho.exe' -r 33037 tcp
- '%TEMP%\jjjyegs3gjxxhhoj3rg9wwu.exe'
- '<SYSTEM32>\krzwvcqcpouh.exe'
- <SYSTEM32>\zuvnroecahk\run
- <SYSTEM32>\zuvnroecahk\rng
- %WINDIR%\Temp\jjjyegs3l9nxhho.exe
- <SYSTEM32>\zuvnroecahk\cfg
- <SYSTEM32>\srllchqnpfmv.exe
- %TEMP%\jjjyegs3gjxxhhoj3rg9wwu.exe
- <SYSTEM32>\zuvnroecahk\tst
- <SYSTEM32>\krzwvcqcpouh.exe
- <SYSTEM32>\zuvnroecahk\etc
- <SYSTEM32>\srllchqnpfmv.exe
- <SYSTEM32>\krzwvcqcpouh.exe
- %WINDIR%\Temp\jjjyegs3l9nxhho.exe
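- <DRIVERS>\etc\hosts (the system hosts file; the action taken on it is not stated in this copy, so compare its contents against a known-good baseline during clean-up)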
- %TEMP%\jjjyegs3gjxxhhoj3rg9wwu.exe
- 'ro###ame.net':80
- 'de###uide.net':80
- 'ro###alf.net':80
- 'de###ame.net':80
- 'ro###uide.net':80
- 'wr###half.net':80
- 'ma###alf.net':80
- 'de###ate.net':80
- 'ro###ate.net':80
- 'de###alf.net':80
- 'wi###alf.net':80
- 'jo###ame.net':80
- 'se####berlate.net':80
- 'jo###alf.net':80
- 'wi###ame.net':80
- 'jo###ate.net':80
- 'wi###ate.net':80
- 'jo###uide.net':80
- 'wi###uide.net':80
- 'hu###fish.net':80
- 'ha###ish.net':80
- 'hu###lady.net':80
- 'ha###ady.net':80
- 'ya###ing.net':80
- 'mu###past.net':80
- 'ya###ady.net':80
- 'mu###wing.net':80
- 'ya###ast.net':80
- 'ha###ast.net':80
- 'wr###guide.net':80
- 'ma###uide.net':80
- 'wr###name.net':80
- 'ma###ame.net':80
- 'wr###late.net':80
- 'ha###ing.net':80
- 'hu###past.net':80
- 'ma###ate.net':80
- 'hu###wing.net':80
- 'ha###ate.net':80
- 'ya###uide.net':80
- 'mu###guide.net':80
- 'be##lxc.com':80
- 'mu###name.net':80
- 'ya###ate.net':80
- 'sp###half.net':80
- 'we###ame.net':80
- 'mu###late.net':80
- 'we###alf.net':80
- 'ri###nstorm.net':80
- 'mo###ugust.net':80
- 'mi###hown.net':80
- 'cr#####onaraminta.net':80
- 'le###form.net':80
- 'ab###ell.net':80
- 'ca####nbring.net':80
- 'al###being.net':80
- 'mo###olor.net':80
- 'pr####tbottom.net':80
- 'of###late.net':80
- 'ha###alf.net':80
- 'of###guide.net':80
- 'fr###late.net':80
- 'se####berhalf.net':80
- 'ha###uide.net':80
- 'se####berguide.net':80
- 'ha###ame.net':80
- 'se####bername.net':80
- 'fr###guide.net':80
- 'sp###guide.net':80
- 'we###ate.net':80
- 'sp###name.net':80
- 'we###uide.net':80
- 'sp###late.net':80
- 'fr###name.net':80
- 'of###name.net':80
- 'fr###half.net':80
- 'of###half.net':80
- http://ro###ame.net/index.php
- http://de###uide.net/index.php
- http://ro###alf.net/index.php
- http://de###ame.net/index.php
- http://ro###uide.net/index.php
- http://wr###half.net/index.php
- http://ma###alf.net/index.php
- http://de###ate.net/index.php
- http://ro###ate.net/index.php
- http://de###alf.net/index.php
- http://wi###alf.net/index.php
- http://jo###ame.net/index.php
- http://se####berlate.net/index.php
- http://jo###alf.net/index.php
- http://wi###ame.net/index.php
- http://jo###ate.net/index.php
- http://wi###ate.net/index.php
- http://jo###uide.net/index.php
- http://wi###uide.net/index.php
- http://hu###fish.net/index.php
- http://ha###ish.net/index.php
- http://hu###lady.net/index.php
- http://ha###ady.net/index.php
- http://ya###ing.net/index.php
- http://mu###past.net/index.php
- http://ya###ady.net/index.php
- http://mu###wing.net/index.php
- http://ya###ast.net/index.php
- http://ha###ast.net/index.php
- http://wr###guide.net/index.php
- http://ma###uide.net/index.php
- http://wr###name.net/index.php
- http://ma###ame.net/index.php
- http://wr###late.net/index.php
- http://ha###ing.net/index.php
- http://hu###past.net/index.php
- http://ma###ate.net/index.php
- http://hu###wing.net/index.php
- http://ha###ate.net/index.php
- http://ya###uide.net/index.php
- http://mu###guide.net/index.php
- http://be##lxc.com/index.php
- http://mu###name.net/index.php
- http://ya###ate.net/index.php
- http://sp###half.net/index.php
- http://we###ame.net/index.php
- http://mu###late.net/index.php
- http://we###alf.net/index.php
- http://ri###nstorm.net/index.php
- http://mo###ugust.net/index.php
- http://mi###hown.net/index.php
- http://cr#####onaraminta.net/index.php
- http://le###form.net/index.php
- http://ab###ell.net/index.php
- http://ca####nbring.net/index.php
- http://al###being.net/index.php
- http://mo###olor.net/index.php
- http://pr####tbottom.net/index.php
- http://of###late.net/index.php
- http://ha###alf.net/index.php
- http://of###guide.net/index.php
- http://fr###late.net/index.php
- http://se####berhalf.net/index.php
- http://ha###uide.net/index.php
- http://se####berguide.net/index.php
- http://ha###ame.net/index.php
- http://se####bername.net/index.php
- http://fr###guide.net/index.php
- http://sp###guide.net/index.php
- http://we###ate.net/index.php
- http://sp###name.net/index.php
- http://we###uide.net/index.php
- http://sp###late.net/index.php
- http://fr###name.net/index.php
- http://of###name.net/index.php
- http://fr###half.net/index.php
- http://of###half.net/index.php
- DNS ASK ro###ame.net
- DNS ASK de###uide.net
- DNS ASK ro###alf.net
- DNS ASK de###ame.net
- DNS ASK ro###uide.net
- DNS ASK wr###half.net
- DNS ASK ma###alf.net
- DNS ASK de###ate.net
- DNS ASK ro###ate.net
- DNS ASK de###alf.net
- DNS ASK wi###alf.net
- DNS ASK jo###ame.net
- DNS ASK se####berlate.net
- DNS ASK jo###alf.net
- DNS ASK wi###ame.net
- DNS ASK jo###ate.net
- DNS ASK wi###ate.net
- DNS ASK jo###uide.net
- DNS ASK wi###uide.net
- DNS ASK wr###name.net
- DNS ASK ha###ish.net
- DNS ASK ya###ing.net
- DNS ASK ha###ady.net
- DNS ASK hu###fish.net
- DNS ASK mu###wing.net
- DNS ASK ya###ady.net
- DNS ASK mu###lady.net
- DNS ASK ya###ast.net
- DNS ASK mu###past.net
- DNS ASK hu###lady.net
- DNS ASK ma###uide.net
- DNS ASK wr###late.net
- DNS ASK ma###ame.net
- DNS ASK wr###guide.net
- DNS ASK ma###ate.net
- DNS ASK hu###past.net
- DNS ASK ha###ast.net
- DNS ASK hu###wing.net
- DNS ASK ha###ing.net
- DNS ASK ha###ate.net
- DNS ASK ya###uide.net
- DNS ASK mu###guide.net
- DNS ASK be##lxc.com
- DNS ASK mu###name.net
- DNS ASK ya###ate.net
- DNS ASK sp###half.net
- DNS ASK we###ame.net
- DNS ASK mu###late.net
- DNS ASK we###alf.net
- DNS ASK ri###nstorm.net
- DNS ASK mo###ugust.net
- DNS ASK mi###hown.net
- DNS ASK cr#####onaraminta.net
- DNS ASK le###form.net
- DNS ASK ab###ell.net
- DNS ASK ca####nbring.net
- DNS ASK al###being.net
- DNS ASK mo###olor.net
- DNS ASK pr####tbottom.net
- DNS ASK of###late.net
- DNS ASK ha###alf.net
- DNS ASK of###guide.net
- DNS ASK fr###late.net
- DNS ASK se####berhalf.net
- DNS ASK ha###uide.net
- DNS ASK se####berguide.net
- DNS ASK ha###ame.net
- DNS ASK se####bername.net
- DNS ASK fr###guide.net
- DNS ASK sp###guide.net
- DNS ASK we###ate.net
- DNS ASK sp###name.net
- DNS ASK we###uide.net
- DNS ASK sp###late.net
- DNS ASK fr###name.net
- DNS ASK of###name.net
- DNS ASK fr###half.net
- DNS ASK of###half.net
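- '23#.#55.255.250':1900 (port 1900 is the SSDP/UPnP discovery port, and the masked address is consistent with the standard SSDP multicast group; this entry is probably local discovery traffic rather than a remote server, so confirm before treating it as an indicator)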