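Technical Information
Note: the '#' characters in the host names and addresses below are masking placeholders rather than literal characters, so these entries are partial indicators and cannot be matched exactly without the unmasked values. The listing carries no section headings; paths that repeat (e.g. '<SYSTEM32>\zpmzgaa.exe') appear to belong to different categories of file activity.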
- [<HKLM>\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] 'Coordinator Host Intelligent Drive' = '<SYSTEM32>\zpmzgaa.exe'
- [<HKLM>\SYSTEM\ControlSet001\Services\Propagation Wired TP Files] 'ImagePath' = '<SYSTEM32>\zpmzgaa.exe'
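- [<HKLM>\SYSTEM\ControlSet001\Services\Propagation Wired TP Files] 'Start' = '00000002' (service start type 2 = started automatically at boot; together with the Run value above, this gives '<SYSTEM32>\zpmzgaa.exe' two independent persistence points)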
- Windows Security Center
- '<SYSTEM32>\fdfxjrixajrm.exe' "<SYSTEM32>\zpmzgaa.exe"
- '%WINDIR%\Temp\giak6gng2po2oaa.exe' -r 42515 tcp
- '%TEMP%\giak6gng2ft0oaaxfoiwk.exe'
- '<SYSTEM32>\zpmzgaa.exe'
- <SYSTEM32>\qvkfxwjenh\run
- <SYSTEM32>\qvkfxwjenh\rng
- %WINDIR%\Temp\giak6gng2po2oaa.exe
- <SYSTEM32>\qvkfxwjenh\cfg
- <SYSTEM32>\fdfxjrixajrm.exe
- %TEMP%\giak6gng2ft0oaaxfoiwk.exe
- <SYSTEM32>\qvkfxwjenh\tst
- <SYSTEM32>\zpmzgaa.exe
- <SYSTEM32>\qvkfxwjenh\etc
- <SYSTEM32>\fdfxjrixajrm.exe
- <SYSTEM32>\zpmzgaa.exe
- %WINDIR%\Temp\giak6gng2po2oaa.exe
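- <DRIVERS>\etc\hosts (the system hosts file; the listing does not say what is done to it, so compare its contents against a known-good copy)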
- %TEMP%\giak6gng2ft0oaaxfoiwk.exe
- 'mo###nice.net':80
- 'wa###ice.net':80
- 'wa###ine.net':80
- 'fa####portant.net':80
- 'mo###fine.net':80
- 'wa####portant.net':80
- 'st###fine.net':80
- 'mo####mportant.net':80
- 'mo###else.net':80
- 'wa###lse.net':80
- 'le###fine.net':80
- 'fa###ine.net':80
- 'ga####portant.net':80
- 'ga###lse.net':80
- 'bo####portant.net':80
- 'fa###lse.net':80
- 'le####mportant.net':80
- 'le###else.net':80
- 'le###nice.net':80
- 'fa###ice.net':80
- 'we###ine.net':80
- 'fo####mportant.net':80
- 'se###ine.net':80
- 'af####mportant.net':80
- 'af###else.net':80
- 'fo###else.net':80
- 'se###lse.net':80
- 'we####dayelse.net':80
- 'we####daynice.net':80
- 'we####dayfine.net':80
- 'se###ice.net':80
- 'we###lse.net':80
- 'st####mportant.net':80
- 'st###else.net':80
- 'st###nice.net':80
- 'we###ice.net':80
- 'af###nice.net':80
- 'fo###nice.net':80
- 'fo###fine.net':80
- 'we####portant.net':80
- 'af###fine.net':80
- 'bo###lse.net':80
- 'se###lept.net':80
- 'we####dayslept.net':80
- 'fo###break.net':80
- 'fo###prove.net':80
- 'af###break.net':80
- 'we####dayprove.net':80
- 'se###reak.net':80
- 'se###rove.net':80
- 'se###ers.net':80
- 'we####dayhers.net':80
- 'de###lxc.com':80
- 'we###reak.net':80
- 'be##lxc.com':80
- 'ri###nstorm.net':80
- 'af###sllc.com':80
- 'fo###hers.net':80
- 'af###prove.net':80
- 'af###hers.net':80
- 'af###slept.net':80
- 'fo###slept.net':80
- 'we####daybreak.net':80
- 'qu###else.net':80
- 'fi####mportant.net':80
- 'fi###else.net':80
- 'fi###nice.net':80
- 'qu###nice.net':80
- 'bo###ice.net':80
- 'ga###ice.net':80
- 'ga###ine.net':80
- 'qu####mportant.net':80
- 'bo###ine.net':80
- 'na###ers.net':80
- 'dr###prove.net':80
- 'dr###hers.net':80
- 'dr###slept.net':80
- 'na###lept.net':80
- 'fi###fine.net':80
- 'qu###fine.net':80
- 'na###reak.net':80
- 'na###rove.net':80
- 'dr###break.net':80
- http://mo###nice.net/index.php
- http://wa###ice.net/index.php
- http://wa###ine.net/index.php
- http://fa####portant.net/index.php
- http://mo###fine.net/index.php
- http://wa####portant.net/index.php
- http://st###fine.net/index.php
- http://mo####mportant.net/index.php
- http://mo###else.net/index.php
- http://wa###lse.net/index.php
- http://le###fine.net/index.php
- http://fa###ine.net/index.php
- http://ga####portant.net/index.php
- http://ga###lse.net/index.php
- http://bo####portant.net/index.php
- http://fa###lse.net/index.php
- http://le####mportant.net/index.php
- http://le###else.net/index.php
- http://le###nice.net/index.php
- http://fa###ice.net/index.php
- http://we###ine.net/index.php
- http://fo####mportant.net/index.php
- http://se###ine.net/index.php
- http://af####mportant.net/index.php
- http://af###else.net/index.php
- http://fo###else.net/index.php
- http://se###lse.net/index.php
- http://we####dayelse.net/index.php
- http://we####daynice.net/index.php
- http://we####dayfine.net/index.php
- http://se###ice.net/index.php
- http://we###lse.net/index.php
- http://st####mportant.net/index.php
- http://st###else.net/index.php
- http://st###nice.net/index.php
- http://we###ice.net/index.php
- http://af###nice.net/index.php
- http://fo###nice.net/index.php
- http://fo###fine.net/index.php
- http://we####portant.net/index.php
- http://af###fine.net/index.php
- http://bo###lse.net/index.php
- http://se###lept.net/index.php
- http://we####dayslept.net/index.php
- http://fo###break.net/index.php
- http://fo###prove.net/index.php
- http://af###break.net/index.php
- http://we####dayprove.net/index.php
- http://se###reak.net/index.php
- http://se###rove.net/index.php
- http://se###ers.net/index.php
- http://we####dayhers.net/index.php
- http://de###lxc.com/index.php
- http://we###reak.net/index.php
- http://be##lxc.com/index.php
- http://ri###nstorm.net/index.php
- http://af###sllc.com/index.php
- http://fo###hers.net/index.php
- http://af###prove.net/index.php
- http://af###hers.net/index.php
- http://af###slept.net/index.php
- http://fo###slept.net/index.php
- http://we####daybreak.net/index.php
- http://qu###else.net/index.php
- http://fi####mportant.net/index.php
- http://fi###else.net/index.php
- http://fi###nice.net/index.php
- http://qu###nice.net/index.php
- http://bo###ice.net/index.php
- http://ga###ice.net/index.php
- http://ga###ine.net/index.php
- http://qu####mportant.net/index.php
- http://bo###ine.net/index.php
- http://na###ers.net/index.php
- http://dr###prove.net/index.php
- http://dr###hers.net/index.php
- http://dr###slept.net/index.php
- http://na###lept.net/index.php
- http://fi###fine.net/index.php
- http://qu###fine.net/index.php
- http://na###reak.net/index.php
- http://na###rove.net/index.php
- http://dr###break.net/index.php
- DNS ASK wa###ice.net
- DNS ASK mo###else.net
- DNS ASK mo###nice.net
- DNS ASK mo###fine.net
- DNS ASK wa###ine.net
- DNS ASK st###fine.net
- DNS ASK we###ine.net
- DNS ASK wa####portant.net
- DNS ASK wa###lse.net
- DNS ASK mo####mportant.net
- DNS ASK fa####portant.net
- DNS ASK le###fine.net
- DNS ASK fa###ine.net
- DNS ASK ga####portant.net
- DNS ASK ga###lse.net
- DNS ASK bo####portant.net
- DNS ASK fa###lse.net
- DNS ASK le####mportant.net
- DNS ASK le###else.net
- DNS ASK le###nice.net
- DNS ASK fa###ice.net
- DNS ASK se###ine.net
- DNS ASK we####dayfine.net
- DNS ASK fo####mportant.net
- DNS ASK fo###else.net
- DNS ASK af####mportant.net
- DNS ASK we####dayelse.net
- DNS ASK se####portant.net
- DNS ASK se###lse.net
- DNS ASK se###ice.net
- DNS ASK we####daynice.net
- DNS ASK af###else.net
- DNS ASK we###lse.net
- DNS ASK st####mportant.net
- DNS ASK st###else.net
- DNS ASK st###nice.net
- DNS ASK we###ice.net
- DNS ASK af###nice.net
- DNS ASK fo###nice.net
- DNS ASK fo###fine.net
- DNS ASK we####portant.net
- DNS ASK af###fine.net
- DNS ASK bo###lse.net
- DNS ASK se###lept.net
- DNS ASK we####dayslept.net
- DNS ASK fo###break.net
- DNS ASK fo###prove.net
- DNS ASK af###break.net
- DNS ASK we####dayprove.net
- DNS ASK se###reak.net
- DNS ASK se###rove.net
- DNS ASK se###ers.net
- DNS ASK we####dayhers.net
- DNS ASK de###lxc.com
- DNS ASK we###reak.net
- DNS ASK be##lxc.com
- DNS ASK ri###nstorm.net
- DNS ASK af###sllc.com
- DNS ASK fo###hers.net
- DNS ASK af###prove.net
- DNS ASK af###hers.net
- DNS ASK af###slept.net
- DNS ASK fo###slept.net
- DNS ASK we####daybreak.net
- DNS ASK qu###else.net
- DNS ASK fi####mportant.net
- DNS ASK fi###else.net
- DNS ASK fi###nice.net
- DNS ASK qu###nice.net
- DNS ASK bo###ice.net
- DNS ASK ga###ice.net
- DNS ASK ga###ine.net
- DNS ASK qu####mportant.net
- DNS ASK bo###ine.net
- DNS ASK na###ers.net
- DNS ASK dr###prove.net
- DNS ASK dr###hers.net
- DNS ASK dr###slept.net
- DNS ASK na###lept.net
- DNS ASK fi###fine.net
- DNS ASK qu###fine.net
- DNS ASK na###reak.net
- DNS ASK na###rove.net
- DNS ASK dr###break.net
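- '23#.#55.255.250':1900 (port 1900 is the SSDP/UPnP discovery port; the masked address is consistent with the SSDP multicast group 239.255.255.250, i.e. local-network discovery rather than a remote host; confirm against the unmasked report)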