Technical Information
- [<HKLM>\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] 'Defender SNMP User-mode Class' = '<SYSTEM32>\xztmenrpgg.exe'
- [<HKLM>\SYSTEM\ControlSet001\Services\Wired Secondary Credential Socket Registry] 'ImagePath' = '<SYSTEM32>\xztmenrpgg.exe'
- [<HKLM>\SYSTEM\ControlSet001\Services\Wired Secondary Credential Socket Registry] 'Start' = '00000002'
- Windows Security Center
- '<SYSTEM32>\evzxwwnc.exe' "<SYSTEM32>\xztmenrpgg.exe"
- '%WINDIR%\Temp\dgatud30bbjcoeo.exe' -r 41587 tcp
- '%TEMP%\dgatud2r1jjcoeotjq2oh0.exe'
- '<SYSTEM32>\xztmenrpgg.exe'
- <SYSTEM32>\ehcwljnarofvke\run
- <SYSTEM32>\ehcwljnarofvke\rng
- %WINDIR%\Temp\dgatud30bbjcoeo.exe
- <SYSTEM32>\ehcwljnarofvke\cfg
- <SYSTEM32>\evzxwwnc.exe
- %TEMP%\dgatud2r1jjcoeotjq2oh0.exe
- <SYSTEM32>\ehcwljnarofvke\tst
- <SYSTEM32>\xztmenrpgg.exe
- <SYSTEM32>\ehcwljnarofvke\etc
- <SYSTEM32>\evzxwwnc.exe
- <SYSTEM32>\xztmenrpgg.exe
- %WINDIR%\Temp\dgatud30bbjcoeo.exe
- <DRIVERS>\etc\hosts
- %TEMP%\dgatud2r1jjcoeotjq2oh0.exe
- 'yo###ers.net':80
- 'tr###prove.net':80
- 'yo###lept.net':80
- 'tr###hers.net':80
- 'yo###rove.net':80
- 'lr###slept.net':80
- 'vi###lept.net':80
- 'tr###break.net':80
- 'yo###reak.net':80
- 'tr###slept.net':80
- 'ta###ure.net':80
- 'wa###ause.net':80
- 'mu###ack.net':80
- 'wa###ure.net':80
- 'ta###ause.net':80
- 'wa###ack.net':80
- 'ta###ack.net':80
- 'wa###hot.net':80
- 'ta###hot.net':80
- 'lr###hers.net':80
- 'fi###reak.net':80
- 'se###slept.net':80
- 'fi###rove.net':80
- 'pl###break.net':80
- 'le###slept.net':80
- 'se###prove.net':80
- 'le###prove.net':80
- 'se###hers.net':80
- 'le###hers.net':80
- 'pl###prove.net':80
- 'vi###rove.net':80
- 'lr###break.net':80
- 'vi###ers.net':80
- 'lr###prove.net':80
- 'vi###reak.net':80
- 'pl###hers.net':80
- 'fi###ers.net':80
- 'pl###slept.net':80
- 'fi###lept.net':80
- 'se###shot.net':80
- 'le###shot.net':80
- 'be##lxc.com':80
- 'le###cause.net':80
- 'se###back.net':80
- 'fa###ure.net':80
- 'to###ause.net':80
- 'le###back.net':80
- 'to###ure.net':80
- 'ri###nstorm.net':80
- 'mo###ugust.net':80
- 'mi###hown.net':80
- 'cr#####onaraminta.net':80
- 'le###form.net':80
- 'ab###ell.net':80
- 'ca####nbring.net':80
- 'al###being.net':80
- 'mo###olor.net':80
- 'pr####tbottom.net':80
- 'fa###ause.net':80
- 'pi###sure.net':80
- 'mu###ure.net':80
- 'we###ack.net':80
- 've###ack.net':80
- 'pi###cause.net':80
- 'mu###hot.net':80
- 'pi###back.net':80
- 'mu###ause.net':80
- 'pi###shot.net':80
- 've###hot.net':80
- 'to###ack.net':80
- 'fa###ack.net':80
- 'to###hot.net':80
- 'fa###hot.net':80
- 'we###ure.net':80
- 've###ause.net':80
- 'we###hot.net':80
- 've###ure.net':80
- 'we###ause.net':80
- http://yo###ers.net/index.php
- http://tr###prove.net/index.php
- http://yo###lept.net/index.php
- http://tr###hers.net/index.php
- http://yo###rove.net/index.php
- http://lr###slept.net/index.php
- http://vi###lept.net/index.php
- http://tr###break.net/index.php
- http://yo###reak.net/index.php
- http://tr###slept.net/index.php
- http://ta###ure.net/index.php
- http://wa###ause.net/index.php
- http://mu###ack.net/index.php
- http://wa###ure.net/index.php
- http://ta###ause.net/index.php
- http://wa###ack.net/index.php
- http://ta###ack.net/index.php
- http://wa###hot.net/index.php
- http://ta###hot.net/index.php
- http://lr###hers.net/index.php
- http://fi###reak.net/index.php
- http://se###slept.net/index.php
- http://fi###rove.net/index.php
- http://pl###break.net/index.php
- http://le###slept.net/index.php
- http://se###prove.net/index.php
- http://le###prove.net/index.php
- http://se###hers.net/index.php
- http://le###hers.net/index.php
- http://pl###prove.net/index.php
- http://vi###rove.net/index.php
- http://lr###break.net/index.php
- http://vi###ers.net/index.php
- http://lr###prove.net/index.php
- http://vi###reak.net/index.php
- http://pl###hers.net/index.php
- http://fi###ers.net/index.php
- http://pl###slept.net/index.php
- http://fi###lept.net/index.php
- http://se###shot.net/index.php
- http://le###shot.net/index.php
- http://be##lxc.com/index.php
- http://le###cause.net/index.php
- http://se###back.net/index.php
- http://fa###ure.net/index.php
- http://to###ause.net/index.php
- http://le###back.net/index.php
- http://to###ure.net/index.php
- http://ri###nstorm.net/index.php
- http://mo###ugust.net/index.php
- http://mi###hown.net/index.php
- http://cr#####onaraminta.net/index.php
- http://le###form.net/index.php
- http://ab###ell.net/index.php
- http://ca####nbring.net/index.php
- http://al###being.net/index.php
- http://mo###olor.net/index.php
- http://pr####tbottom.net/index.php
- http://fa###ause.net/index.php
- http://pi###sure.net/index.php
- http://mu###ure.net/index.php
- http://we###ack.net/index.php
- http://ve###ack.net/index.php
- http://pi###cause.net/index.php
- http://mu###hot.net/index.php
- http://pi###back.net/index.php
- http://mu###ause.net/index.php
- http://pi###shot.net/index.php
- http://ve###hot.net/index.php
- http://to###ack.net/index.php
- http://fa###ack.net/index.php
- http://to###hot.net/index.php
- http://fa###hot.net/index.php
- http://we###ure.net/index.php
- http://ve###ause.net/index.php
- http://we###hot.net/index.php
- http://ve###ure.net/index.php
- http://we###ause.net/index.php
- DNS ASK tr###prove.net
- DNS ASK yo###rove.net
- DNS ASK yo###ers.net
- DNS ASK yo###lept.net
- DNS ASK tr###hers.net
- DNS ASK vi###lept.net
- DNS ASK lr###hers.net
- DNS ASK lr###slept.net
- DNS ASK tr###break.net
- DNS ASK yo###reak.net
- DNS ASK wa###ause.net
- DNS ASK ta###ause.net
- DNS ASK ta###ure.net
- DNS ASK mu###ack.net
- DNS ASK wa###ure.net
- DNS ASK ta###ack.net
- DNS ASK tr###slept.net
- DNS ASK wa###ack.net
- DNS ASK wa###hot.net
- DNS ASK ta###hot.net
- DNS ASK se###slept.net
- DNS ASK le###slept.net
- DNS ASK fi###reak.net
- DNS ASK fi###rove.net
- DNS ASK pl###break.net
- DNS ASK le###prove.net
- DNS ASK se###break.net
- DNS ASK se###prove.net
- DNS ASK se###hers.net
- DNS ASK le###hers.net
- DNS ASK lr###break.net
- DNS ASK vi###reak.net
- DNS ASK vi###rove.net
- DNS ASK vi###ers.net
- DNS ASK lr###prove.net
- DNS ASK fi###ers.net
- DNS ASK pl###prove.net
- DNS ASK pl###hers.net
- DNS ASK pl###slept.net
- DNS ASK fi###lept.net
- DNS ASK se###shot.net
- DNS ASK le###shot.net
- DNS ASK be##lxc.com
- DNS ASK le###cause.net
- DNS ASK se###back.net
- DNS ASK fa###ure.net
- DNS ASK to###ause.net
- DNS ASK le###back.net
- DNS ASK to###ure.net
- DNS ASK ri###nstorm.net
- DNS ASK mo###ugust.net
- DNS ASK mi###hown.net
- DNS ASK cr#####onaraminta.net
- DNS ASK le###form.net
- DNS ASK ab###ell.net
- DNS ASK ca####nbring.net
- DNS ASK al###being.net
- DNS ASK mo###olor.net
- DNS ASK pr####tbottom.net
- DNS ASK fa###ause.net
- DNS ASK pi###sure.net
- DNS ASK mu###ure.net
- DNS ASK we###ack.net
- DNS ASK ve###ack.net
- DNS ASK pi###cause.net
- DNS ASK mu###hot.net
- DNS ASK pi###back.net
- DNS ASK mu###ause.net
- DNS ASK pi###shot.net
- DNS ASK ve###hot.net
- DNS ASK to###ack.net
- DNS ASK fa###ack.net
- DNS ASK to###hot.net
- DNS ASK fa###hot.net
- DNS ASK we###ure.net
- DNS ASK ve###ause.net
- DNS ASK we###hot.net
- DNS ASK ve###ure.net
- DNS ASK we###ause.net
- '23#.#55.255.250':1900