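Technical Information
Note: the entries below appear without section labels, and host names and addresses are partially masked with '#', so the network entries cannot be used verbatim as blocklist or detection values. The many host names built from a small set of recurring prefixes and suffixes, all requested at /index.php, look algorithmically generated; matching on that pattern is likely more useful than matching individual names.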
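- [<HKLM>\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] 'Program Policy Detection Auto-Discovery' = '<SYSTEM32>\vqqiufvzvs.exe' (a value under the Run key is launched at each user logon)
- [<HKLM>\SYSTEM\ControlSet001\Services\CNG Socket Reporting HomeGroup] 'Start' = '00000002' (a service Start value of 2 means the service starts automatically at boot)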
- Windows Security Center
- '<SYSTEM32>\mljlucieki.exe' "<SYSTEM32>\vqqiufvzvs.exe"
- '%WINDIR%\Temp\xir4nz3844jbxeo.exe' -r 35850 tcp
- '%TEMP%\xir4nz31f8jbxeox87lvem.exe'
- '<SYSTEM32>\vqqiufvzvs.exe'
- <SYSTEM32>\hxzerkpxzci\run
- <SYSTEM32>\hxzerkpxzci\rng
- %WINDIR%\Temp\xir4nz3844jbxeo.exe
- <SYSTEM32>\hxzerkpxzci\cfg
- <SYSTEM32>\mljlucieki.exe
- %TEMP%\xir4nz31f8jbxeox87lvem.exe
- <SYSTEM32>\hxzerkpxzci\tst
- <SYSTEM32>\vqqiufvzvs.exe
- <SYSTEM32>\hxzerkpxzci\etc
- <SYSTEM32>\mljlucieki.exe
- <SYSTEM32>\vqqiufvzvs.exe
- %WINDIR%\Temp\xir4nz3844jbxeo.exe
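- <DRIVERS>\etc\hosts (the Windows hosts file; the listing does not state how it is touched, so review it for added or changed entries)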
- %TEMP%\xir4nz31f8jbxeox87lvem.exe
- 'kn###ine.net':80
- 'ab###ine.net':80
- 'wi###reak.net':80
- 'wi###rove.net':80
- 'dr###break.net':80
- 'ab###lse.net':80
- 'kn####portant.net':80
- 'kn###lse.net':80
- 'kn###ice.net':80
- 'ab###ice.net':80
- 'dr###prove.net':80
- 'th###hers.net':80
- 'th###prove.net':80
- 'th###slept.net':80
- 'fe###reak.net':80
- 'lo###reak.net':80
- 'dr###hers.net':80
- 'wi###ers.net':80
- 'wi###lept.net':80
- 'th###break.net':80
- 'dr###slept.net':80
- 'si###lse.net':80
- 'ro####portant.net':80
- 'ro###lse.net':80
- 'ro###ice.net':80
- 'si###ice.net':80
- 'mo###ice.net':80
- 'ju###ice.net':80
- 'ju###ine.net':80
- 'si####portant.net':80
- 'mo###ine.net':80
- 'si###ine.net':80
- 'pi###ice.net':80
- 'so###ice.net':80
- 'so###ine.net':80
- 'ab####portant.net':80
- 'pi###ine.net':80
- 'so####portant.net':80
- 'ro###ine.net':80
- 'pi####portant.net':80
- 'pi###lse.net':80
- 'so###lse.net':80
- 'lo###rove.net':80
- 'si###lept.net':80
- 'ro###ers.net':80
- 'ro###lept.net':80
- 'pi###reak.net':80
- 'so###reak.net':80
- 'ro###reak.net':80
- 'si###reak.net':80
- 'si###rove.net':80
- 'si###ers.net':80
- 'ro###rove.net':80
- 'so###rove.net':80
- 'de###lxc.com':80
- 'ab###reak.net':80
- 'be##lxc.com':80
- 'ri###nstorm.net':80
- 'af###sllc.com':80
- 'so###ers.net':80
- 'pi###rove.net':80
- 'pi###ers.net':80
- 'pi###lept.net':80
- 'so###lept.net':80
- 'hi###reak.net':80
- 'wh###reak.net':80
- 'wh###rove.net':80
- 'wh###ers.net':80
- 'hi###rove.net':80
- 'lo###ers.net':80
- 'fe###rove.net':80
- 'fe###ers.net':80
- 'fe###lept.net':80
- 'lo###lept.net':80
- 'hi###ers.net':80
- 'ju###ers.net':80
- 'mo###rove.net':80
- 'mo###ers.net':80
- 'mo###lept.net':80
- 'ju###lept.net':80
- 'hi###lept.net':80
- 'wh###lept.net':80
- 'ju###reak.net':80
- 'ju###rove.net':80
- 'mo###reak.net':80
- http://kn###ine.net/index.php
- http://ab###ine.net/index.php
- http://wi###reak.net/index.php
- http://wi###rove.net/index.php
- http://dr###break.net/index.php
- http://ab###lse.net/index.php
- http://kn####portant.net/index.php
- http://kn###lse.net/index.php
- http://kn###ice.net/index.php
- http://ab###ice.net/index.php
- http://dr###prove.net/index.php
- http://th###hers.net/index.php
- http://th###prove.net/index.php
- http://th###slept.net/index.php
- http://fe###reak.net/index.php
- http://lo###reak.net/index.php
- http://dr###hers.net/index.php
- http://wi###ers.net/index.php
- http://wi###lept.net/index.php
- http://th###break.net/index.php
- http://dr###slept.net/index.php
- http://si###lse.net/index.php
- http://ro####portant.net/index.php
- http://ro###lse.net/index.php
- http://ro###ice.net/index.php
- http://si###ice.net/index.php
- http://mo###ice.net/index.php
- http://ju###ice.net/index.php
- http://ju###ine.net/index.php
- http://si####portant.net/index.php
- http://mo###ine.net/index.php
- http://si###ine.net/index.php
- http://pi###ice.net/index.php
- http://so###ice.net/index.php
- http://so###ine.net/index.php
- http://ab####portant.net/index.php
- http://pi###ine.net/index.php
- http://so####portant.net/index.php
- http://ro###ine.net/index.php
- http://pi####portant.net/index.php
- http://pi###lse.net/index.php
- http://so###lse.net/index.php
- http://lo###rove.net/index.php
- http://si###lept.net/index.php
- http://ro###ers.net/index.php
- http://ro###lept.net/index.php
- http://pi###reak.net/index.php
- http://so###reak.net/index.php
- http://ro###reak.net/index.php
- http://si###reak.net/index.php
- http://si###rove.net/index.php
- http://si###ers.net/index.php
- http://ro###rove.net/index.php
- http://so###rove.net/index.php
- http://de###lxc.com/index.php
- http://ab###reak.net/index.php
- http://be##lxc.com/index.php
- http://ri###nstorm.net/index.php
- http://af###sllc.com/index.php
- http://so###ers.net/index.php
- http://pi###rove.net/index.php
- http://pi###ers.net/index.php
- http://pi###lept.net/index.php
- http://so###lept.net/index.php
- http://hi###reak.net/index.php
- http://wh###reak.net/index.php
- http://wh###rove.net/index.php
- http://wh###ers.net/index.php
- http://hi###rove.net/index.php
- http://lo###ers.net/index.php
- http://fe###rove.net/index.php
- http://fe###ers.net/index.php
- http://fe###lept.net/index.php
- http://lo###lept.net/index.php
- http://hi###ers.net/index.php
- http://ju###ers.net/index.php
- http://mo###rove.net/index.php
- http://mo###ers.net/index.php
- http://mo###lept.net/index.php
- http://ju###lept.net/index.php
- http://hi###lept.net/index.php
- http://wh###lept.net/index.php
- http://ju###reak.net/index.php
- http://ju###rove.net/index.php
- http://mo###reak.net/index.php
- DNS ASK wi###reak.net
- DNS ASK kn###ine.net
- DNS ASK dr###break.net
- DNS ASK dr###prove.net
- DNS ASK wi###rove.net
- DNS ASK kn###lse.net
- DNS ASK ab###lse.net
- DNS ASK ab###ice.net
- DNS ASK ab###ine.net
- DNS ASK kn###ice.net
- DNS ASK wi###ers.net
- DNS ASK th###slept.net
- DNS ASK th###hers.net
- DNS ASK lo###reak.net
- DNS ASK lo###rove.net
- DNS ASK fe###reak.net
- DNS ASK wi###lept.net
- DNS ASK dr###hers.net
- DNS ASK dr###slept.net
- DNS ASK th###prove.net
- DNS ASK th###break.net
- DNS ASK kn####portant.net
- DNS ASK si###lse.net
- DNS ASK ro####portant.net
- DNS ASK ro###lse.net
- DNS ASK ro###ice.net
- DNS ASK si###ice.net
- DNS ASK mo###ice.net
- DNS ASK ju###ice.net
- DNS ASK ju###ine.net
- DNS ASK si####portant.net
- DNS ASK mo###ine.net
- DNS ASK si###ine.net
- DNS ASK pi###ice.net
- DNS ASK so###ice.net
- DNS ASK so###ine.net
- DNS ASK ab####portant.net
- DNS ASK pi###ine.net
- DNS ASK so####portant.net
- DNS ASK ro###ine.net
- DNS ASK pi####portant.net
- DNS ASK pi###lse.net
- DNS ASK so###lse.net
- DNS ASK si###lept.net
- DNS ASK ro###ers.net
- DNS ASK ro###lept.net
- DNS ASK pi###reak.net
- DNS ASK so###reak.net
- DNS ASK ro###reak.net
- DNS ASK si###reak.net
- DNS ASK si###rove.net
- DNS ASK si###ers.net
- DNS ASK ro###rove.net
- DNS ASK so###rove.net
- DNS ASK de###lxc.com
- DNS ASK ab###reak.net
- DNS ASK be##lxc.com
- DNS ASK ri###nstorm.net
- DNS ASK af###sllc.com
- DNS ASK so###ers.net
- DNS ASK pi###rove.net
- DNS ASK pi###ers.net
- DNS ASK pi###lept.net
- DNS ASK so###lept.net
- DNS ASK hi###reak.net
- DNS ASK wh###reak.net
- DNS ASK wh###rove.net
- DNS ASK wh###ers.net
- DNS ASK hi###rove.net
- DNS ASK lo###ers.net
- DNS ASK fe###rove.net
- DNS ASK fe###ers.net
- DNS ASK fe###lept.net
- DNS ASK lo###lept.net
- DNS ASK hi###ers.net
- DNS ASK ju###ers.net
- DNS ASK mo###rove.net
- DNS ASK mo###ers.net
- DNS ASK mo###lept.net
- DNS ASK ju###lept.net
- DNS ASK hi###lept.net
- DNS ASK wh###lept.net
- DNS ASK ju###reak.net
- DNS ASK ju###rove.net
- DNS ASK mo###reak.net
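- '23#.#55.255.250':1900 (port 1900 is used by SSDP/UPnP discovery, and the masked address is consistent with the SSDP multicast group 239.255.255.250, so this entry is probably local-network discovery traffic rather than a remote server; confirm against a capture)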