Technical Information
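Registry entries for automatic start (a Run key value, and a service whose 'Start' value 00000002 corresponds to automatic start at boot):
- [<HKLM>\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] 'Shell Enumerator Client Bus UserMode' = '<SYSTEM32>\oqumpdlygxab.exe'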
- [<HKLM>\SYSTEM\ControlSet001\Services\Thread Bus Link Config Alerts] 'ImagePath' = '<SYSTEM32>\oqumpdlygxab.exe'
- [<HKLM>\SYSTEM\ControlSet001\Services\Thread Bus Link Config Alerts] 'Start' = '00000002'
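Windows feature named in the report (the description of what the sample does to it is missing from this page):
- Windows Security Center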
Command lines (executable path followed by its arguments):
- '<SYSTEM32>\ryqcdwts.exe' "<SYSTEM32>\oqumpdlygxab.exe"
- '%WINDIR%\Temp\edbh2c5v347xvxjq.exe' -r 30719 tcp
- '%TEMP%\edbh2c5v2xvmvxjqeyhova.exe'
- '<SYSTEM32>\oqumpdlygxab.exe'
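File system paths (some appear more than once; the page does not preserve which operation applies to each group of paths):
- <SYSTEM32>\xhiyuaob\run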
- <SYSTEM32>\xhiyuaob\rng
- %WINDIR%\Temp\edbh2c5v347xvxjq.exe
- <SYSTEM32>\xhiyuaob\cfg
- <SYSTEM32>\ryqcdwts.exe
- %TEMP%\edbh2c5v2xvmvxjqeyhova.exe
- <SYSTEM32>\xhiyuaob\tst
- <SYSTEM32>\oqumpdlygxab.exe
- <SYSTEM32>\xhiyuaob\etc
- <SYSTEM32>\ryqcdwts.exe
- <SYSTEM32>\oqumpdlygxab.exe
- %WINDIR%\Temp\edbh2c5v347xvxjq.exe
- <DRIVERS>\etc\hosts
- %TEMP%\edbh2c5v2xvmvxjqeyhova.exe
Hosts and ports (domain names are partially masked with '#'):
- 'pu###ine.net':80
- 'fr###yhello.net':80
- 'pu###ive.net':80
- 'fr###ymine.net':80
- 'sh###serve.net':80
- 'de###ive.net':80
- 'pu###ello.net':80
- 'de###erve.net':80
- 'al###mine.net':80
- 'de####erhello.net':80
- 'al###live.net':80
- 'de####ermine.net':80
- 'pu###erve.net':80
- 'fr###ylive.net':80
- 'al###hello.net':80
- 'fr###yserve.net':80
- 'sh###live.net':80
- 'ti###ello.net':80
- 'st###march.net':80
- 'ti###ine.net':80
- 'mo###mine.net':80
- 'la###onea.com':80
- 'do####n4guia.com':80
- 'ta###fruit.net':80
- 'da###ekilai.com':80
- 'de###ello.net':80
- 'sh###hello.net':80
- 'de###ine.net':80
- 'sh###mine.net':80
- 'ti###ive.net':80
- 'mo###live.net':80
- 'ti###erve.net':80
- 'mo###serve.net':80
HTTP URLs (host names and query strings are partially masked with '#'):
- http://pu###ine.net/forum/search.php?me#########################################
- http://fr###yhello.net/forum/search.php?me#########################################
- http://pu###ive.net/forum/search.php?me#########################################
- http://fr###ymine.net/forum/search.php?me#########################################
- http://sh###serve.net/forum/search.php?me#########################################
- http://de###ive.net/forum/search.php?me#########################################
- http://pu###ello.net/forum/search.php?me#########################################
- http://de###erve.net/forum/search.php?me#########################################
- http://al###mine.net/forum/search.php?me#########################################
- http://de####erhello.net/forum/search.php?me#########################################
- http://al###live.net/forum/search.php?me#########################################
- http://de####ermine.net/forum/search.php?me#########################################
- http://pu###erve.net/forum/search.php?me#########################################
- http://fr###ylive.net/forum/search.php?me#########################################
- http://al###hello.net/forum/search.php?me#########################################
- http://fr###yserve.net/forum/search.php?me#########################################
- http://sh###live.net/forum/search.php?me#########################################
- http://ti###ello.net/forum/search.php?me#########################################
- http://st###march.net/forum/search.php?me#########################################
- http://ti###ine.net/forum/search.php?me#########################################
- http://mo###mine.net/forum/search.php?me#########################################
- http://la###onea.com/forum/search.php?me#########################################
- http://do####n4guia.com/forum/search.php?me#########################################
- http://ta###fruit.net/forum/search.php?me#########################################
- http://da###ekilai.com/forum/search.php?me#########################################
- http://de###ello.net/forum/search.php?me#########################################
- http://sh###hello.net/forum/search.php?me#########################################
- http://de###ine.net/forum/search.php?me#########################################
- http://sh###mine.net/forum/search.php?me#########################################
- http://ti###ive.net/forum/search.php?me#########################################
- http://mo###live.net/forum/search.php?me#########################################
- http://ti###erve.net/forum/search.php?me#########################################
- http://mo###serve.net/forum/search.php?me#########################################
DNS queries (domain names are partially masked with '#'):
- DNS ASK fr###yhello.net
- DNS ASK pu###ello.net
- DNS ASK fr###ymine.net
- DNS ASK pu###ine.net
- DNS ASK de###ive.net
- DNS ASK sh###live.net
- DNS ASK de###erve.net
- DNS ASK sh###serve.net
- DNS ASK pu###ive.net
- DNS ASK al###mine.net
- DNS ASK de####erhello.net
- DNS ASK al###live.net
- DNS ASK de####ermine.net
- DNS ASK pu###erve.net
- DNS ASK fr###ylive.net
- DNS ASK al###hello.net
- DNS ASK fr###yserve.net
- DNS ASK de###ine.net
- DNS ASK st###march.net
- DNS ASK ta###fruit.net
- DNS ASK mo###mine.net
- DNS ASK ti###ello.net
- DNS ASK fr###secas.com
- DNS ASK do####n4guia.com
- DNS ASK da###ekilai.com
- DNS ASK la###onea.com
- DNS ASK sh###hello.net
- DNS ASK ti###erve.net
- DNS ASK sh###mine.net
- DNS ASK de###ello.net
- DNS ASK mo###live.net
- DNS ASK ti###ine.net
- DNS ASK mo###serve.net
- DNS ASK ti###ive.net
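- '23#.#55.255.250':1900 (address masked; port 1900 and the visible octets are consistent with the SSDP/UPnP multicast address 239.255.255.250, which would be local discovery traffic rather than a remote host; confirm before treating it as an indicator)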