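Technical Information
Entries below appear without the sub-headings that would name each action (created, deleted, modified, contacted). The '#' characters in host names, URLs and the IP address appear to be masking applied in the published listing, so those entries are partial indicators and cannot be matched literally.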
- [<HKLM>\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] 'Bus Reports Locator DHCP PnP-X' = '<SYSTEM32>\kejhkegwo.exe' (Run-key value: the listed executable is launched at each user logon)
- [<HKLM>\SYSTEM\ControlSet001\Services\Software Group Defragmenter Problem] 'Start' = '00000002' (service start type 2 = started automatically at boot)
- Windows Security Center
- '<SYSTEM32>\phuikdhnvrb.exe' "<SYSTEM32>\kejhkegwo.exe"
- '%WINDIR%\Temp\as1s2eh3w9waz1w.exe' -r 51047 tcp
- '%TEMP%\as1s2eh3m4waz1eyirzv.exe'
- '<SYSTEM32>\kejhkegwo.exe'
- <SYSTEM32>\mypcszbcurkoz\run
- <SYSTEM32>\mypcszbcurkoz\rng
- %WINDIR%\Temp\as1s2eh3w9waz1w.exe
- <SYSTEM32>\mypcszbcurkoz\cfg
- <SYSTEM32>\phuikdhnvrb.exe
- %TEMP%\as1s2eh3m4waz1eyirzv.exe
- <SYSTEM32>\mypcszbcurkoz\tst
- <SYSTEM32>\kejhkegwo.exe
- <SYSTEM32>\mypcszbcurkoz\etc
- <SYSTEM32>\phuikdhnvrb.exe
- <SYSTEM32>\kejhkegwo.exe
- %WINDIR%\Temp\as1s2eh3w9waz1w.exe
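- <DRIVERS>\etc\hosts (the system hosts file; the listing does not state which action was taken on it, so compare it against a known-good copy)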
- %TEMP%\as1s2eh3m4waz1eyirzv.exe
- 'gj####vcaouy.net':80
- 'hi###anblog.net':80
- 'pa####ciostit.net':80
- 'su#####ollarsyes.net':80
- 'gr####oholist.net':80
- 'ch####rsdolist.com':80
- 'de###batten.com':80
- 'bo####utanase.net':80
- 'jo###ryta.net':80
- 'ge#####alixtentop.net':80
- 'de###batten.net':80
- 'fa######pulepunctcom.net':80
- 'ch####rsdolist.net':80
- 'pe####ersonals.net':80
- 've####tistic.net':80
- 'ma#####ousestoday.net':80
- 'ka####tixter.net':80
- 'bl#####eronredmoon.net':80
- 'pe####ersonals.com':80
- 'ge#####alixtentop.com':80
- 'ka####tixter.com':80
- 'wa####rbulldog.com':80
- 'fa######pulepunctcom.com':80
- 've####tistic.com':80
- 'gr####oholist.com':80
- 'jo###ryta.com':80
- 'pa####ciostit.com':80
- 'gj####vcaouy.com':80
- 'su#####ollarsyes.com':80
- 'hi###anblog.com':80
- 'bl#####eronredmoon.com':80
- 'ma#####ousestoday.com':80
- 'bo####utanase.com':80
- 'af####chmonitor.com':80
- 'ja###uter.com':80
- 'nu######casanuteintorci.com':80
- 'cr######ucoarnedecal.com':80
- gj####vcaouy.net/so31/isup.php?v=###################
- hi###anblog.net/so31/isup.php?v=###################
- pa####ciostit.net/so31/isup.php?v=###################
- su#####ollarsyes.net/so31/isup.php?v=###################
- gr####oholist.net/so31/isup.php?v=###################
- ch####rsdolist.com/so31/isup.php?v=###################
- de###batten.com/so31/isup.php?v=###################
- bo####utanase.net/so31/isup.php?v=###################
- jo###ryta.net/so31/isup.php?v=###################
- ge#####alixtentop.net/so31/isup.php?v=###################
- de###batten.net/so31/isup.php?v=###################
- fa######pulepunctcom.net/so31/isup.php?v=###################
- ch####rsdolist.net/so31/isup.php?v=###################
- pe####ersonals.net/so31/isup.php?v=###################
- ve####tistic.net/so31/isup.php?v=###################
- ma#####ousestoday.net/so31/isup.php?v=###################
- ka####tixter.net/so31/isup.php?v=###################
- bl#####eronredmoon.net/so31/isup.php?v=###################
- pe####ersonals.com/so31/isup.php?v=###################
- ge#####alixtentop.com/so31/isup.php?v=###################
- ka####tixter.com/so31/isup.php?v=###################
- wa####rbulldog.com/so31/isup.php?v=###################
- fa######pulepunctcom.com/so31/isup.php?v=###################
- ve####tistic.com/so31/isup.php?v=###################
- gr####oholist.com/so31/isup.php?v=###################
- jo###ryta.com/so31/isup.php?v=###################
- pa####ciostit.com/so31/isup.php?v=###################
- gj####vcaouy.com/so31/isup.php?v=###################
- su#####ollarsyes.com/so31/isup.php?v=###################
- hi###anblog.com/so31/isup.php?v=###################
- bl#####eronredmoon.com/so31/isup.php?v=###################
- ma#####ousestoday.com/so31/isup.php?v=###################
- bo####utanase.com/so31/isup.php?v=###################
- af####chmonitor.com/so31/isup.php?v=###################
- ja###uter.com/so31/isup.php?v=###################
- nu######casanuteintorci.com/so31/isup.php?v=###################
- cr######ucoarnedecal.com/so31/isup.php?v=###################
- DNS ASK hi###anblog.net
- DNS ASK gr####oholist.net
- DNS ASK su#####ollarsyes.net
- DNS ASK gj####vcaouy.net
- DNS ASK bo####utanase.net
- DNS ASK de###batten.com
- DNS ASK pe####ersonals.com
- DNS ASK jo###ryta.net
- DNS ASK ch####rsdolist.com
- DNS ASK pa####ciostit.net
- DNS ASK ge#####alixtentop.net
- DNS ASK de###batten.net
- DNS ASK fa######pulepunctcom.net
- DNS ASK ch####rsdolist.net
- DNS ASK pe####ersonals.net
- DNS ASK ve####tistic.net
- DNS ASK ma#####ousestoday.net
- DNS ASK ka####tixter.net
- DNS ASK bl#####eronredmoon.net
- DNS ASK ge#####alixtentop.com
- DNS ASK ka####tixter.com
- DNS ASK wa####rbulldog.com
- DNS ASK fa######pulepunctcom.com
- DNS ASK ve####tistic.com
- DNS ASK gr####oholist.com
- DNS ASK jo###ryta.com
- DNS ASK pa####ciostit.com
- DNS ASK gj####vcaouy.com
- DNS ASK su#####ollarsyes.com
- DNS ASK hi###anblog.com
- DNS ASK bl#####eronredmoon.com
- DNS ASK ma#####ousestoday.com
- DNS ASK bo####utanase.com
- DNS ASK af####chmonitor.com
- DNS ASK ja###uter.com
- DNS ASK nu######casanuteintorci.com
- DNS ASK cr######ucoarnedecal.com
- '23#.#55.255.250':1900 (port 1900 is the one assigned to SSDP/UPnP discovery; the transport protocol is not stated here)