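Technical Information
Note: the hostnames in the network lists below contain '#' characters, which are not valid in DNS names. They appear to be partially masked, so they cannot be used verbatim as blocklist or detection entries.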
Registry entries that reference the executable (a Run-key autorun value and a service entry point to the same file; a service 'Start' value of 2 is the automatic start type):
- [<HKLM>\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] 'Error Link Connections Protocol Brightness' = 'C:\uazbbihfvg\rtcryrkakikd.exe'
- [<HKLM>\SYSTEM\ControlSet001\Services\Key Volume IPsec UserMode Policy Portable Reports] 'ImagePath' = 'C:\uazbbihfvg\rtcryrkakikd.exe'
- [<HKLM>\SYSTEM\ControlSet001\Services\Key Volume IPsec UserMode Policy Portable Reports] 'Start' = '00000002'
- 'C:\uazbbihfvg\nubktzumgeu.exe' "c:\uazbbihfvg\rtcryrkakikd.exe"
- 'C:\uazbbihfvg\rtcryrkakikd.exe'
- 'C:\uazbbihfvg\ad2jesacchvddkdlv4u.exe'
- C:\uazbbihfvg\rtcryrkakikd.exe
- C:\uazbbihfvg\nubktzumgeu.exe
- C:\uazbbihfvg\ad2jesacchvddkdlv4u.exe
- %WINDIR%\uazbbihfvg\qzsdvyx
- C:\uazbbihfvg\qzsdvyx
- C:\uazbbihfvg\nubktzumgeu.exe
- C:\uazbbihfvg\rtcryrkakikd.exe
- C:\uazbbihfvg\ad2jesacchvddkdlv4u.exe
- %WINDIR%\uazbbihfvg\qzsdvyx
- %WINDIR%\uazbbihfvg\qzsdvyx
Connection targets (all on port 80):
- 'st####shoulder.net':80
- 'tr####houlder.net':80
- 'st###tabove.net':80
- 'tr###above.net':80
- 'st####finger.net':80
- 'ga###runtil.net':80
- 'be###rabove.net':80
- 'tr###finger.net':80
- 'be###runtil.net':80
- 'el####icabove.net':80
- 're####shoulder.net':80
- 'el####icuntil.net':80
- 're###dabove.net':80
- 'el#####cshoulder.net':80
- 'st###tuntil.net':80
- 'tr###until.net':80
- 're####finger.net':80
- 'el####icfinger.net':80
- 'fl###finger.net':80
- 'br###finger.net':80
- 'fl####houlder.net':80
- 'br####houlder.net':80
- 'qu###until.net':80
- 'se###nabove.net':80
- 'qu####houlder.net':80
- 'se###nuntil.net':80
- 'qu###above.net':80
- 'ga####shoulder.net':80
- 'be####finger.net':80
- 'ga###rabove.net':80
- 'be####shoulder.net':80
- 'ga####finger.net':80
- 'fl###above.net':80
- 'br###above.net':80
- 'fl###until.net':80
- 'br###until.net':80
- 're###duntil.net':80
- 'se####company.net':80
- 'ag####tuntil.net':80
- 'se####become.net':80
- 'qu####ompany.net':80
- 'do###until.net':80
- 'ag####tshoulder.net':80
- 'do####houlder.net':80
- 'ag####tabove.net':80
- 'do###above.net':80
- 'fl####ompany.net':80
- 'br####ompany.net':80
- 'fl###become.net':80
- 'br###become.net':80
- 'qu####urther.net':80
- 'se###ncover.net':80
- 'qu###become.net':80
- 'se####further.net':80
- 'qu###cover.net':80
- 'ca####nuntil.net':80
- 'la###above.net':80
- 'de####finger.net':80
- 'la###until.net':80
- 'ca####nabove.net':80
- 'la###finger.net':80
- 'ca####nfinger.net':80
- 'la####houlder.net':80
- 'ca####nshoulder.net':80
- 'ni###until.net':80
- 'de###euntil.net':80
- 'ag####tfinger.net':80
- 'do###finger.net':80
- 'ni###above.net':80
- 'de####shoulder.net':80
- 'ni###finger.net':80
- 'de###eabove.net':80
- 'ni####houlder.net':80
HTTP requests (all over plain HTTP, all to the path /index.php):
- http://st####shoulder.net/index.php
- http://tr####houlder.net/index.php
- http://st###tabove.net/index.php
- http://tr###above.net/index.php
- http://st####finger.net/index.php
- http://ga###runtil.net/index.php
- http://be###rabove.net/index.php
- http://tr###finger.net/index.php
- http://be###runtil.net/index.php
- http://el####icabove.net/index.php
- http://re####shoulder.net/index.php
- http://el####icuntil.net/index.php
- http://re###dabove.net/index.php
- http://el#####cshoulder.net/index.php
- http://st###tuntil.net/index.php
- http://tr###until.net/index.php
- http://re####finger.net/index.php
- http://el####icfinger.net/index.php
- http://fl###finger.net/index.php
- http://br###finger.net/index.php
- http://fl####houlder.net/index.php
- http://br####houlder.net/index.php
- http://qu###until.net/index.php
- http://se###nabove.net/index.php
- http://qu####houlder.net/index.php
- http://se###nuntil.net/index.php
- http://qu###above.net/index.php
- http://ga####shoulder.net/index.php
- http://be####finger.net/index.php
- http://ga###rabove.net/index.php
- http://be####shoulder.net/index.php
- http://ga####finger.net/index.php
- http://fl###above.net/index.php
- http://br###above.net/index.php
- http://fl###until.net/index.php
- http://br###until.net/index.php
- http://re###duntil.net/index.php
- http://se####company.net/index.php
- http://ag####tuntil.net/index.php
- http://se####become.net/index.php
- http://qu####ompany.net/index.php
- http://do###until.net/index.php
- http://ag####tshoulder.net/index.php
- http://do####houlder.net/index.php
- http://ag####tabove.net/index.php
- http://do###above.net/index.php
- http://fl####ompany.net/index.php
- http://br####ompany.net/index.php
- http://fl###become.net/index.php
- http://br###become.net/index.php
- http://qu####urther.net/index.php
- http://se###ncover.net/index.php
- http://qu###become.net/index.php
- http://se####further.net/index.php
- http://qu###cover.net/index.php
- http://ca####nuntil.net/index.php
- http://la###above.net/index.php
- http://de####finger.net/index.php
- http://la###until.net/index.php
- http://ca####nabove.net/index.php
- http://la###finger.net/index.php
- http://ca####nfinger.net/index.php
- http://la####houlder.net/index.php
- http://ca####nshoulder.net/index.php
- http://ni###until.net/index.php
- http://de###euntil.net/index.php
- http://ag####tfinger.net/index.php
- http://do###finger.net/index.php
- http://ni###above.net/index.php
- http://de####shoulder.net/index.php
- http://ni###finger.net/index.php
- http://de###eabove.net/index.php
- http://ni####houlder.net/index.php
- DNS ASK st####shoulder.net
- DNS ASK tr####houlder.net
- DNS ASK st###tabove.net
- DNS ASK tr###above.net
- DNS ASK st####finger.net
- DNS ASK ga###runtil.net
- DNS ASK be###rabove.net
- DNS ASK tr###finger.net
- DNS ASK be###runtil.net
- DNS ASK el####icabove.net
- DNS ASK re####shoulder.net
- DNS ASK el####icuntil.net
- DNS ASK re###dabove.net
- DNS ASK el#####cshoulder.net
- DNS ASK st###tuntil.net
- DNS ASK tr###until.net
- DNS ASK re####finger.net
- DNS ASK el####icfinger.net
- DNS ASK ga###rabove.net
- DNS ASK br###finger.net
- DNS ASK qu###until.net
- DNS ASK br####houlder.net
- DNS ASK fl###finger.net
- DNS ASK se###nuntil.net
- DNS ASK qu####houlder.net
- DNS ASK se####shoulder.net
- DNS ASK qu###above.net
- DNS ASK se###nabove.net
- DNS ASK be####finger.net
- DNS ASK ga####finger.net
- DNS ASK be####shoulder.net
- DNS ASK ga####shoulder.net
- DNS ASK fl###until.net
- DNS ASK br###above.net
- DNS ASK fl####houlder.net
- DNS ASK br###until.net
- DNS ASK fl###above.net
- DNS ASK se####company.net
- DNS ASK ag####tuntil.net
- DNS ASK se####become.net
- DNS ASK qu####ompany.net
- DNS ASK do###until.net
- DNS ASK ag####tshoulder.net
- DNS ASK do####houlder.net
- DNS ASK ag####tabove.net
- DNS ASK do###above.net
- DNS ASK fl####ompany.net
- DNS ASK br####ompany.net
- DNS ASK fl###become.net
- DNS ASK br###become.net
- DNS ASK qu####urther.net
- DNS ASK se###ncover.net
- DNS ASK qu###become.net
- DNS ASK se####further.net
- DNS ASK qu###cover.net
- DNS ASK ag####tfinger.net
- DNS ASK la###above.net
- DNS ASK ca####nabove.net
- DNS ASK la###until.net
- DNS ASK ca####nuntil.net
- DNS ASK la####houlder.net
- DNS ASK ca####nfinger.net
- DNS ASK re###duntil.net
- DNS ASK ca####nshoulder.net
- DNS ASK la###finger.net
- DNS ASK de###euntil.net
- DNS ASK ni###above.net
- DNS ASK do###finger.net
- DNS ASK ni###until.net
- DNS ASK de###eabove.net
- DNS ASK ni###finger.net
- DNS ASK de####finger.net
- DNS ASK ni####houlder.net
- DNS ASK de####shoulder.net