Technical Information
Autorun persistence: a Run value and a service entry that both point at the same executable (a service 'Start' value of 2 means Windows starts it automatically at boot):
- [<HKLM>\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] 'Protected Acquisition Hardware Portable' = '<SYSTEM32>\jorqwziy.exe'
- [<HKLM>\SYSTEM\ControlSet001\Services\Microsoft Event Now Block Keying Tunneling] 'ImagePath' = '<SYSTEM32>\jorqwziy.exe'
- [<HKLM>\SYSTEM\ControlSet001\Services\Microsoft Event Now Block Keying Tunneling] 'Start' = '00000002'
- Windows Security Center
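Command lines recorded in the report (quoted executable path, followed by its arguments where present):
- '<SYSTEM32>\yjjcrluixc.exe' "<SYSTEM32>\jorqwziy.exe"
- '%WINDIR%\Temp\jkeqtb2unbag4.exe' -r 42001 tcp
- '%TEMP%\jkeqtb2pywag4roipwz.exe'
- '<SYSTEM32>\jorqwziy.exe'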
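File-system paths referenced by the report. The headings that separated the individual lists are missing from this copy (paths repeat where a new list begins), so the operation applied to each path cannot be read from this page. The lists include the system hosts file (<DRIVERS>\etc\hosts), which is worth comparing against a known-good copy during triage.
- <SYSTEM32>\kdhjuzjqj\run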
- <SYSTEM32>\kdhjuzjqj\rng
- %WINDIR%\Temp\jkeqtb2unbag4.exe
- <SYSTEM32>\kdhjuzjqj\cfg
- <SYSTEM32>\yjjcrluixc.exe
- %TEMP%\jkeqtb2pywag4roipwz.exe
- <SYSTEM32>\kdhjuzjqj\tst
- <SYSTEM32>\jorqwziy.exe
- <SYSTEM32>\kdhjuzjqj\etc
- <SYSTEM32>\yjjcrluixc.exe
- <SYSTEM32>\jorqwziy.exe
- %WINDIR%\Temp\jkeqtb2unbag4.exe
- <DRIVERS>\etc\hosts
- %TEMP%\jkeqtb2pywag4roipwz.exe
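Hosts contacted on port 80. '#' marks characters masked in this report, so the entries are patterns rather than exact indicators. The number of names and their shared word endings suggest algorithmically generated domains; detection is therefore better keyed on the pattern and on the registry and file artefacts above than on any single domain.
- 'ca###ule.net':80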
- 'he###ule.net':80
- 'ca###ear.net':80
- 'he###how.net':80
- 'ca###unt.net':80
- 'he###unt.net':80
- 'qu###hunt.net':80
- 'th###unt.net':80
- 'qu###rule.net':80
- 'he###ear.net':80
- 'qu###show.net':80
- 'th###how.net':80
- 'th###show.net':80
- 'si###show.net':80
- 'th###hunt.net':80
- 'du###ule.net':80
- 'wi###ear.net':80
- 'du###ear.net':80
- 'th###hear.net':80
- 'si###hear.net':80
- 'ca###how.net':80
- 'si###hunt.net':80
- 'th###rule.net':80
- 'si###rule.net':80
- 'th###ule.net':80
- 'si###ule.net':80
- 'me###ear.net':80
- 'si###ear.net':80
- 'me###unt.net':80
- 'si###unt.net':80
- 'me###ule.net':80
- 'da###unt.net':80
- 'cl###rule.net':80
- 'da###ule.net':80
- 'cl###show.net':80
- 'da###how.net':80
- 'cl###hunt.net':80
- 'mo###how.net':80
- 'su###yhunt.net':80
- 'mo###unt.net':80
- 'qu###hear.net':80
- 'th###ear.net':80
- 'su###yshow.net':80
- 'mo###ear.net':80
- 'me###how.net':80
- 'si###how.net':80
- 'su###yrule.net':80
- 'mo###ule.net':80
- 'su###yhear.net':80
- 'mo###ctober.net':80
- 'su###ymoon.net':80
- 'mo###oon.net':80
- 'ri###nstorm.net':80
- 'mo###hoe.net':80
- 'su####october.net':80
- 'si###hoe.net':80
- 'me###ctober.net':80
- 'si###ctober.net':80
- 'su###youter.net':80
- 'mo###uter.net':80
- 'me###hoe.net':80
- 'cr#####onaraminta.net':80
- 'le###form.net':80
- 'mo###ugust.net':80
- 'ef###tbuilt.net':80
- 'th###while.net':80
- 'jo####ymeasure.net':80
- 'pr####tbottom.net':80
- 'ca####nbring.net':80
- 'al###being.net':80
- 'mi###hown.net':80
- 'ab###ell.net':80
- 'mo###olor.net':80
- 'me###oon.net':80
- 'mi###ule.net':80
- 'tr###rule.net':80
- 'mi###ear.net':80
- 'tr###show.net':80
- 'mi###unt.net':80
- 'tr###hunt.net':80
- 'wi###unt.net':80
- 'du###unt.net':80
- 'wi###ule.net':80
- 'tr###hear.net':80
- 'wi###how.net':80
- 'du###how.net':80
- 'cl###shoe.net':80
- 'da###hoe.net':80
- 'cl####ctober.net':80
- 'si###oon.net':80
- 'me###uter.net':80
- 'si###uter.net':80
- 'cl###outer.net':80
- 'da###uter.net':80
- 'mi###how.net':80
- 'da###ctober.net':80
- 'cl###moon.net':80
- 'da###oon.net':80
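HTTP requests (each one targets /index.php over unencrypted HTTP; host names are masked with '#' as above):
- http://ca###ule.net/index.php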
- http://he###ule.net/index.php
- http://ca###ear.net/index.php
- http://he###how.net/index.php
- http://ca###unt.net/index.php
- http://he###unt.net/index.php
- http://qu###hunt.net/index.php
- http://th###unt.net/index.php
- http://qu###rule.net/index.php
- http://he###ear.net/index.php
- http://qu###show.net/index.php
- http://th###how.net/index.php
- http://th###show.net/index.php
- http://si###show.net/index.php
- http://th###hunt.net/index.php
- http://du###ule.net/index.php
- http://wi###ear.net/index.php
- http://du###ear.net/index.php
- http://th###hear.net/index.php
- http://si###hear.net/index.php
- http://ca###how.net/index.php
- http://si###hunt.net/index.php
- http://th###rule.net/index.php
- http://si###rule.net/index.php
- http://th###ule.net/index.php
- http://si###ule.net/index.php
- http://me###ear.net/index.php
- http://si###ear.net/index.php
- http://me###unt.net/index.php
- http://si###unt.net/index.php
- http://me###ule.net/index.php
- http://da###unt.net/index.php
- http://cl###rule.net/index.php
- http://da###ule.net/index.php
- http://cl###show.net/index.php
- http://da###how.net/index.php
- http://cl###hunt.net/index.php
- http://mo###how.net/index.php
- http://su###yhunt.net/index.php
- http://mo###unt.net/index.php
- http://qu###hear.net/index.php
- http://th###ear.net/index.php
- http://su###yshow.net/index.php
- http://mo###ear.net/index.php
- http://me###how.net/index.php
- http://si###how.net/index.php
- http://su###yrule.net/index.php
- http://mo###ule.net/index.php
- http://su###yhear.net/index.php
- http://mo###ctober.net/index.php
- http://su###ymoon.net/index.php
- http://mo###oon.net/index.php
- http://ri###nstorm.net/index.php
- http://mo###hoe.net/index.php
- http://su####october.net/index.php
- http://si###hoe.net/index.php
- http://me###ctober.net/index.php
- http://si###ctober.net/index.php
- http://su###youter.net/index.php
- http://mo###uter.net/index.php
- http://me###hoe.net/index.php
- http://cr#####onaraminta.net/index.php
- http://le###form.net/index.php
- http://mo###ugust.net/index.php
- http://ef###tbuilt.net/index.php
- http://th###while.net/index.php
- http://jo####ymeasure.net/index.php
- http://pr####tbottom.net/index.php
- http://ca####nbring.net/index.php
- http://al###being.net/index.php
- http://mi###hown.net/index.php
- http://ab###ell.net/index.php
- http://mo###olor.net/index.php
- http://me###oon.net/index.php
- http://mi###ule.net/index.php
- http://tr###rule.net/index.php
- http://mi###ear.net/index.php
- http://tr###show.net/index.php
- http://mi###unt.net/index.php
- http://tr###hunt.net/index.php
- http://wi###unt.net/index.php
- http://du###unt.net/index.php
- http://wi###ule.net/index.php
- http://tr###hear.net/index.php
- http://wi###how.net/index.php
- http://du###how.net/index.php
- http://cl###shoe.net/index.php
- http://da###hoe.net/index.php
- http://cl####ctober.net/index.php
- http://si###oon.net/index.php
- http://me###uter.net/index.php
- http://si###uter.net/index.php
- http://cl###outer.net/index.php
- http://da###uter.net/index.php
- http://mi###how.net/index.php
- http://da###ctober.net/index.php
- http://cl###moon.net/index.php
- http://da###oon.net/index.php
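DNS lookups ('DNS ASK' is the report's notation for a query for the given name; names are masked with '#' as above):
- DNS ASK ca###ule.net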
- DNS ASK he###ule.net
- DNS ASK ca###ear.net
- DNS ASK he###how.net
- DNS ASK ca###unt.net
- DNS ASK he###unt.net
- DNS ASK qu###hunt.net
- DNS ASK th###unt.net
- DNS ASK qu###rule.net
- DNS ASK he###ear.net
- DNS ASK qu###show.net
- DNS ASK th###how.net
- DNS ASK th###show.net
- DNS ASK si###show.net
- DNS ASK th###hunt.net
- DNS ASK du###ule.net
- DNS ASK wi###ear.net
- DNS ASK du###ear.net
- DNS ASK th###hear.net
- DNS ASK si###hear.net
- DNS ASK ca###how.net
- DNS ASK si###hunt.net
- DNS ASK th###rule.net
- DNS ASK si###rule.net
- DNS ASK th###ule.net
- DNS ASK si###ule.net
- DNS ASK me###ear.net
- DNS ASK si###ear.net
- DNS ASK me###unt.net
- DNS ASK si###unt.net
- DNS ASK me###ule.net
- DNS ASK da###unt.net
- DNS ASK cl###rule.net
- DNS ASK da###ule.net
- DNS ASK cl###show.net
- DNS ASK da###how.net
- DNS ASK cl###hunt.net
- DNS ASK mo###how.net
- DNS ASK su###yhunt.net
- DNS ASK mo###unt.net
- DNS ASK qu###hear.net
- DNS ASK th###ear.net
- DNS ASK su###yshow.net
- DNS ASK mo###ear.net
- DNS ASK me###how.net
- DNS ASK si###how.net
- DNS ASK su###yrule.net
- DNS ASK mo###ule.net
- DNS ASK su###yhear.net
- DNS ASK wi###ule.net
- DNS ASK mo###ctober.net
- DNS ASK su###ymoon.net
- DNS ASK mo###oon.net
- DNS ASK ri###nstorm.net
- DNS ASK mo###hoe.net
- DNS ASK su####october.net
- DNS ASK si###hoe.net
- DNS ASK me###ctober.net
- DNS ASK si###ctober.net
- DNS ASK su###youter.net
- DNS ASK mo###uter.net
- DNS ASK me###hoe.net
- DNS ASK cr#####onaraminta.net
- DNS ASK le###form.net
- DNS ASK mo###ugust.net
- DNS ASK ef###tbuilt.net
- DNS ASK th###while.net
- DNS ASK jo####ymeasure.net
- DNS ASK pr####tbottom.net
- DNS ASK ca####nbring.net
- DNS ASK al###being.net
- DNS ASK mi###hown.net
- DNS ASK ab###ell.net
- DNS ASK mo###olor.net
- DNS ASK tr###hunt.net
- DNS ASK mi###ule.net
- DNS ASK tr###rule.net
- DNS ASK mi###how.net
- DNS ASK tr###show.net
- DNS ASK mi###unt.net
- DNS ASK du###how.net
- DNS ASK wi###unt.net
- DNS ASK du###unt.net
- DNS ASK mi###ear.net
- DNS ASK tr###hear.net
- DNS ASK wi###how.net
- DNS ASK si###uter.net
- DNS ASK cl###shoe.net
- DNS ASK da###hoe.net
- DNS ASK me###oon.net
- DNS ASK si###oon.net
- DNS ASK me###uter.net
- DNS ASK da###oon.net
- DNS ASK cl###outer.net
- DNS ASK da###uter.net
- DNS ASK cl####ctober.net
- DNS ASK da###ctober.net
- DNS ASK cl###moon.net
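Other network endpoint (address partly masked). Port 1900 and the visible digits are consistent with the SSDP/UPnP discovery multicast address rather than a remote server; confirm against an unmasked capture before treating it as an indicator.
- '23#.#55.255.250':1900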