Technical Information ('#' in the hostnames and the IP address listed below marks masked characters, not literal ones)
- [<HKLM>\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] 'Topology Windows Input IKE Discovery Parental' = '<SYSTEM32>\kpaqkcfqfarv.exe'
- [<HKLM>\SYSTEM\ControlSet001\Services\List Accounts Profile Reports Studio DLL] 'ImagePath' = '<SYSTEM32>\kpaqkcfqfarv.exe'
- [<HKLM>\SYSTEM\ControlSet001\Services\List Accounts Profile Reports Studio DLL] 'Start' = '00000002'
- Windows Security Center
- '<SYSTEM32>\zirsoem.exe' "<SYSTEM32>\kpaqkcfqfarv.exe"
- '%WINDIR%\Temp\syepnndw35vtgikai.exe' -r 48381 tcp
- '%TEMP%\syepnndw31mmgikaibanmoxh.exe'
- '<SYSTEM32>\kpaqkcfqfarv.exe'
- <SYSTEM32>\apybsnura\run
- <SYSTEM32>\apybsnura\rng
- %WINDIR%\Temp\syepnndw35vtgikai.exe
- <SYSTEM32>\apybsnura\cfg
- <SYSTEM32>\zirsoem.exe
- %TEMP%\syepnndw31mmgikaibanmoxh.exe
- <SYSTEM32>\apybsnura\tst
- <SYSTEM32>\kpaqkcfqfarv.exe
- <SYSTEM32>\apybsnura\etc
- <SYSTEM32>\zirsoem.exe
- <SYSTEM32>\kpaqkcfqfarv.exe
- %WINDIR%\Temp\syepnndw35vtgikai.exe
- <DRIVERS>\etc\hosts
- %TEMP%\syepnndw31mmgikaibanmoxh.exe
- 'ha###nder.net':80
- 'hu###monday.net':80
- 'hu###under.net':80
- 'wr###hear.net':80
- 'ma###ear.net':80
- 'hu###lend.net':80
- 'ha###end.net':80
- 'ha###eed.net':80
- 'ha###onday.net':80
- 'hu###feed.net':80
- 'ro###ear.net':80
- 'wr###show.net':80
- 'de###ear.net':80
- 'de###ule.net':80
- 'ro###ule.net':80
- 'wr###rule.net':80
- 'ma###ule.net':80
- 'ma###unt.net':80
- 'ma###how.net':80
- 'wr###hunt.net':80
- 'sp###feed.net':80
- 'we###end.net':80
- 'we###eed.net':80
- 'we###onday.net':80
- 'sp###monday.net':80
- 'fr###monday.net':80
- 'of###monday.net':80
- 'of###under.net':80
- 'sp###lend.net':80
- 'fr###under.net':80
- 'mu###monday.net':80
- 'ya###eed.net':80
- 'ya###onday.net':80
- 'ya###nder.net':80
- 'mu###under.net':80
- 'we###nder.net':80
- 'sp###under.net':80
- 'mu###lend.net':80
- 'mu###feed.net':80
- 'ya###end.net':80
- 'ro###unt.net':80
- 'fr###show.net':80
- 'of###show.net':80
- 'sp###hear.net':80
- 'sp###rule.net':80
- 'we###ear.net':80
- 'of###rule.net':80
- 'fr###hear.net':80
- 'fr###rule.net':80
- 'fr###hunt.net':80
- 'of###hunt.net':80
- 'de###lxc.com':80
- 'mu###hear.net':80
- 'be##lxc.com':80
- 'ri###nstorm.net':80
- 'af###sllc.com':80
- 'sp###hunt.net':80
- 'we###ule.net':80
- 'we###unt.net':80
- 'we###how.net':80
- 'sp###show.net':80
- 'jo###ule.net':80
- 'wi###ule.net':80
- 'wi###unt.net':80
- 'wi###how.net':80
- 'jo###unt.net':80
- 'ro###how.net':80
- 'de###unt.net':80
- 'de###how.net':80
- 'jo###ear.net':80
- 'wi###ear.net':80
- 'ha###unt.net':80
- 'se####berhunt.net':80
- 'se####bershow.net':80
- 'of###hear.net':80
- 'ha###how.net':80
- 'se####berhear.net':80
- 'jo###how.net':80
- 'ha###ear.net':80
- 'ha###ule.net':80
- 'se####berrule.net':80
- http://ha###nder.net/index.php
- http://hu###monday.net/index.php
- http://hu###under.net/index.php
- http://wr###hear.net/index.php
- http://ma###ear.net/index.php
- http://hu###lend.net/index.php
- http://ha###end.net/index.php
- http://ha###eed.net/index.php
- http://ha###onday.net/index.php
- http://hu###feed.net/index.php
- http://ro###ear.net/index.php
- http://wr###show.net/index.php
- http://de###ear.net/index.php
- http://de###ule.net/index.php
- http://ro###ule.net/index.php
- http://wr###rule.net/index.php
- http://ma###ule.net/index.php
- http://ma###unt.net/index.php
- http://ma###how.net/index.php
- http://wr###hunt.net/index.php
- http://sp###feed.net/index.php
- http://we###end.net/index.php
- http://we###eed.net/index.php
- http://we###onday.net/index.php
- http://sp###monday.net/index.php
- http://fr###monday.net/index.php
- http://of###monday.net/index.php
- http://of###under.net/index.php
- http://sp###lend.net/index.php
- http://fr###under.net/index.php
- http://mu###monday.net/index.php
- http://ya###eed.net/index.php
- http://ya###onday.net/index.php
- http://ya###nder.net/index.php
- http://mu###under.net/index.php
- http://we###nder.net/index.php
- http://sp###under.net/index.php
- http://mu###lend.net/index.php
- http://mu###feed.net/index.php
- http://ya###end.net/index.php
- http://ro###unt.net/index.php
- http://fr###show.net/index.php
- http://of###show.net/index.php
- http://sp###hear.net/index.php
- http://sp###rule.net/index.php
- http://we###ear.net/index.php
- http://of###rule.net/index.php
- http://fr###hear.net/index.php
- http://fr###rule.net/index.php
- http://fr###hunt.net/index.php
- http://of###hunt.net/index.php
- http://de###lxc.com/index.php
- http://mu###hear.net/index.php
- http://be##lxc.com/index.php
- http://ri###nstorm.net/index.php
- http://af###sllc.com/index.php
- http://sp###hunt.net/index.php
- http://we###ule.net/index.php
- http://we###unt.net/index.php
- http://we###how.net/index.php
- http://sp###show.net/index.php
- http://jo###ule.net/index.php
- http://wi###ule.net/index.php
- http://wi###unt.net/index.php
- http://wi###how.net/index.php
- http://jo###unt.net/index.php
- http://ro###how.net/index.php
- http://de###unt.net/index.php
- http://de###how.net/index.php
- http://jo###ear.net/index.php
- http://wi###ear.net/index.php
- http://ha###unt.net/index.php
- http://se####berhunt.net/index.php
- http://se####bershow.net/index.php
- http://of###hear.net/index.php
- http://ha###how.net/index.php
- http://se####berhear.net/index.php
- http://jo###how.net/index.php
- http://ha###ear.net/index.php
- http://ha###ule.net/index.php
- http://se####berrule.net/index.php
- DNS ASK ha###nder.net
- DNS ASK hu###monday.net
- DNS ASK hu###under.net
- DNS ASK wr###hear.net
- DNS ASK ma###ear.net
- DNS ASK hu###lend.net
- DNS ASK ha###end.net
- DNS ASK ha###eed.net
- DNS ASK ha###onday.net
- DNS ASK hu###feed.net
- DNS ASK ro###ear.net
- DNS ASK wr###show.net
- DNS ASK de###ear.net
- DNS ASK de###ule.net
- DNS ASK ro###ule.net
- DNS ASK wr###rule.net
- DNS ASK ma###ule.net
- DNS ASK ma###unt.net
- DNS ASK ma###how.net
- DNS ASK wr###hunt.net
- DNS ASK ya###nder.net
- DNS ASK we###end.net
- DNS ASK sp###lend.net
- DNS ASK sp###feed.net
- DNS ASK sp###monday.net
- DNS ASK we###eed.net
- DNS ASK of###monday.net
- DNS ASK fr###feed.net
- DNS ASK fr###monday.net
- DNS ASK fr###under.net
- DNS ASK of###under.net
- DNS ASK ya###eed.net
- DNS ASK mu###feed.net
- DNS ASK mu###monday.net
- DNS ASK mu###under.net
- DNS ASK ya###onday.net
- DNS ASK sp###under.net
- DNS ASK we###onday.net
- DNS ASK we###nder.net
- DNS ASK ya###end.net
- DNS ASK mu###lend.net
- DNS ASK ro###unt.net
- DNS ASK fr###show.net
- DNS ASK of###show.net
- DNS ASK sp###hear.net
- DNS ASK sp###rule.net
- DNS ASK we###ear.net
- DNS ASK of###rule.net
- DNS ASK fr###hear.net
- DNS ASK fr###rule.net
- DNS ASK fr###hunt.net
- DNS ASK of###hunt.net
- DNS ASK de###lxc.com
- DNS ASK mu###hear.net
- DNS ASK be##lxc.com
- DNS ASK ri###nstorm.net
- DNS ASK af###sllc.com
- DNS ASK sp###hunt.net
- DNS ASK we###ule.net
- DNS ASK we###unt.net
- DNS ASK we###how.net
- DNS ASK sp###show.net
- DNS ASK jo###ule.net
- DNS ASK wi###ule.net
- DNS ASK wi###unt.net
- DNS ASK wi###how.net
- DNS ASK jo###unt.net
- DNS ASK ro###how.net
- DNS ASK de###unt.net
- DNS ASK de###how.net
- DNS ASK jo###ear.net
- DNS ASK wi###ear.net
- DNS ASK ha###unt.net
- DNS ASK se####berhunt.net
- DNS ASK se####bershow.net
- DNS ASK of###hear.net
- DNS ASK ha###how.net
- DNS ASK se####berhear.net
- DNS ASK jo###how.net
- DNS ASK ha###ear.net
- DNS ASK ha###ule.net
- DNS ASK se####berrule.net
- '23#.#55.255.250':1900