Technical Information
- [<HKLM>\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] 'Base Ordering Installer Registry Office Modules' = '<SYSTEM32>\zpbqmxz.exe'
- [<HKLM>\SYSTEM\ControlSet001\Services\Foundation Credential Assistant] 'ImagePath' = '<SYSTEM32>\zpbqmxz.exe'
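- [<HKLM>\SYSTEM\ControlSet001\Services\Foundation Credential Assistant] 'Start' = '00000002' (Start value 2 = the service is started automatically at boot; together with the Run value above, the same executable '<SYSTEM32>\zpbqmxz.exe' is registered for autostart in two places, so both entries have to be checked during cleanup)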
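- Windows Security Center (the section heading for this entry is missing from this copy; in reports of this layout the item usually names a Windows feature the sample blocks or disables — confirm against the original report)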
- '<SYSTEM32>\vkmhuotq.exe' "<SYSTEM32>\zpbqmxz.exe"
- '%WINDIR%\Temp\wqrarwoc388gcts.exe' -r 39568 tcp
- '%TEMP%\wqrarwoc2z7dctszu0bku.exe'
- '<SYSTEM32>\zpbqmxz.exe'
- <SYSTEM32>\mfbqfnllgsof\run
- <SYSTEM32>\mfbqfnllgsof\rng
- %WINDIR%\Temp\wqrarwoc388gcts.exe
- <SYSTEM32>\mfbqfnllgsof\cfg
- <SYSTEM32>\vkmhuotq.exe
- %TEMP%\wqrarwoc2z7dctszu0bku.exe
- <SYSTEM32>\mfbqfnllgsof\tst
- <SYSTEM32>\zpbqmxz.exe
- <SYSTEM32>\mfbqfnllgsof\etc
- <SYSTEM32>\vkmhuotq.exe
- <SYSTEM32>\zpbqmxz.exe
- %WINDIR%\Temp\wqrarwoc388gcts.exe
- <DRIVERS>\etc\hosts
- %TEMP%\wqrarwoc2z7dctszu0bku.exe
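Note on the network entries below: '#' is not a valid hostname character, so these names are partially redacted and cannot be used verbatim in a blocklist. The same masked names appear three times: as TCP connections to port 80, as HTTP requests for /index.php, and as DNS queries. The large set of short word-combination names, mostly under .net and all requesting the same path, is consistent with algorithmically generated rendezvous domains, though this list does not state that. For detection, a burst of DNS lookups for many distinct, previously unseen domains from one host, followed by port-80 requests for /index.php, is a more durable signal than any single name.
- 'fe###appy.net':80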
- 'lo###appy.net':80
- 'wh###age.net':80
- 'wh###ince.net':80
- 'hi###age.net':80
- 'lo###ince.net':80
- 'fe###age.net':80
- 'fe###ince.net':80
- 'fe###eat.net':80
- 'lo###eat.net':80
- 'hi###ince.net':80
- 'ju###ince.net':80
- 'mo###age.net':80
- 'mo###ince.net':80
- 'mo###eat.net':80
- 'ju###eat.net':80
- 'hi###eat.net':80
- 'wh###eat.net':80
- 'wh###appy.net':80
- 'ju###age.net':80
- 'hi###appy.net':80
- 'ab###oice.net':80
- 'kn###ive.net':80
- 'kn###oice.net':80
- 'dr###page.net':80
- 'wi###age.net':80
- 'kn###hey.net':80
- 'ab###hey.net':80
- 'ab###ight.net':80
- 'ab###ive.net':80
- 'kn###ight.net':80
- 'wi###ince.net':80
- 'th###since.net':80
- 'th###page.net':80
- 'th###heat.net':80
- 'lo###age.net':80
- 'th###happy.net':80
- 'wi###eat.net':80
- 'dr###since.net':80
- 'dr###heat.net':80
- 'dr###happy.net':80
- 'wi###appy.net':80
- 'dr###hand.net':80
- 'wi###and.net':80
- 'wi###ound.net':80
- 'wi###reen.net':80
- 'dr###sound.net':80
- 'ab###eat.net':80
- 'kn###ince.net':80
- 'kn###eat.net':80
- 'kn###appy.net':80
- 'ab###appy.net':80
- 'dr###green.net':80
- 'de###lxc.com':80
- 'th###sound.net':80
- 'be##lxc.com':80
- 'ri###nstorm.net':80
- 'af###sllc.com':80
- 'dr###lift.net':80
- 'wi###ift.net':80
- 'lo###and.net':80
- 'lo###ound.net':80
- 'th###hand.net':80
- 'si###eat.net':80
- 'ro###ince.net':80
- 'ro###eat.net':80
- 'ro###appy.net':80
- 'si###appy.net':80
- 'mo###appy.net':80
- 'ju###appy.net':80
- 'si###age.net':80
- 'si###ince.net':80
- 'ro###age.net':80
- 'so###age.net':80
- 'pi###appy.net':80
- 'so###appy.net':80
- 'ab###age.net':80
- 'ab###ince.net':80
- 'kn###age.net':80
- 'so###ince.net':80
- 'pi###age.net':80
- 'pi###ince.net':80
- 'pi###eat.net':80
- 'so###eat.net':80
- http://fe###appy.net/index.php
- http://lo###appy.net/index.php
- http://wh###age.net/index.php
- http://wh###ince.net/index.php
- http://hi###age.net/index.php
- http://lo###ince.net/index.php
- http://fe###age.net/index.php
- http://fe###ince.net/index.php
- http://fe###eat.net/index.php
- http://lo###eat.net/index.php
- http://hi###ince.net/index.php
- http://ju###ince.net/index.php
- http://mo###age.net/index.php
- http://mo###ince.net/index.php
- http://mo###eat.net/index.php
- http://ju###eat.net/index.php
- http://hi###eat.net/index.php
- http://wh###eat.net/index.php
- http://wh###appy.net/index.php
- http://ju###age.net/index.php
- http://hi###appy.net/index.php
- http://ab###oice.net/index.php
- http://kn###ive.net/index.php
- http://kn###oice.net/index.php
- http://dr###page.net/index.php
- http://wi###age.net/index.php
- http://kn###hey.net/index.php
- http://ab###hey.net/index.php
- http://ab###ight.net/index.php
- http://ab###ive.net/index.php
- http://kn###ight.net/index.php
- http://wi###ince.net/index.php
- http://th###since.net/index.php
- http://th###page.net/index.php
- http://th###heat.net/index.php
- http://lo###age.net/index.php
- http://th###happy.net/index.php
- http://wi###eat.net/index.php
- http://dr###since.net/index.php
- http://dr###heat.net/index.php
- http://dr###happy.net/index.php
- http://wi###appy.net/index.php
- http://dr###hand.net/index.php
- http://wi###and.net/index.php
- http://wi###ound.net/index.php
- http://wi###reen.net/index.php
- http://dr###sound.net/index.php
- http://ab###eat.net/index.php
- http://kn###ince.net/index.php
- http://kn###eat.net/index.php
- http://kn###appy.net/index.php
- http://ab###appy.net/index.php
- http://dr###green.net/index.php
- http://de###lxc.com/index.php
- http://th###sound.net/index.php
- http://be##lxc.com/index.php
- http://ri###nstorm.net/index.php
- http://af###sllc.com/index.php
- http://dr###lift.net/index.php
- http://wi###ift.net/index.php
- http://lo###and.net/index.php
- http://lo###ound.net/index.php
- http://th###hand.net/index.php
- http://si###eat.net/index.php
- http://ro###ince.net/index.php
- http://ro###eat.net/index.php
- http://ro###appy.net/index.php
- http://si###appy.net/index.php
- http://mo###appy.net/index.php
- http://ju###appy.net/index.php
- http://si###age.net/index.php
- http://si###ince.net/index.php
- http://ro###age.net/index.php
- http://so###age.net/index.php
- http://pi###appy.net/index.php
- http://so###appy.net/index.php
- http://ab###age.net/index.php
- http://ab###ince.net/index.php
- http://kn###age.net/index.php
- http://so###ince.net/index.php
- http://pi###age.net/index.php
- http://pi###ince.net/index.php
- http://pi###eat.net/index.php
- http://so###eat.net/index.php
- DNS ASK fe###appy.net
- DNS ASK lo###appy.net
- DNS ASK wh###age.net
- DNS ASK wh###ince.net
- DNS ASK hi###age.net
- DNS ASK lo###ince.net
- DNS ASK fe###age.net
- DNS ASK fe###ince.net
- DNS ASK fe###eat.net
- DNS ASK lo###eat.net
- DNS ASK hi###ince.net
- DNS ASK ju###ince.net
- DNS ASK mo###age.net
- DNS ASK mo###ince.net
- DNS ASK mo###eat.net
- DNS ASK ju###eat.net
- DNS ASK hi###eat.net
- DNS ASK wh###eat.net
- DNS ASK wh###appy.net
- DNS ASK ju###age.net
- DNS ASK hi###appy.net
- DNS ASK lo###age.net
- DNS ASK kn###ive.net
- DNS ASK ab###ive.net
- DNS ASK ab###oice.net
- DNS ASK wi###age.net
- DNS ASK kn###oice.net
- DNS ASK ab###hey.net
- DNS ASK pi###oice.net
- DNS ASK kn###hey.net
- DNS ASK kn###ight.net
- DNS ASK ab###ight.net
- DNS ASK dr###page.net
- DNS ASK th###page.net
- DNS ASK dr###happy.net
- DNS ASK th###since.net
- DNS ASK th###happy.net
- DNS ASK th###heat.net
- DNS ASK dr###since.net
- DNS ASK wi###ince.net
- DNS ASK wi###eat.net
- DNS ASK wi###appy.net
- DNS ASK dr###heat.net
- DNS ASK dr###hand.net
- DNS ASK wi###and.net
- DNS ASK wi###ound.net
- DNS ASK wi###reen.net
- DNS ASK dr###sound.net
- DNS ASK ab###eat.net
- DNS ASK kn###ince.net
- DNS ASK kn###eat.net
- DNS ASK kn###appy.net
- DNS ASK ab###appy.net
- DNS ASK dr###green.net
- DNS ASK de###lxc.com
- DNS ASK th###sound.net
- DNS ASK be##lxc.com
- DNS ASK ri###nstorm.net
- DNS ASK af###sllc.com
- DNS ASK dr###lift.net
- DNS ASK wi###ift.net
- DNS ASK lo###and.net
- DNS ASK lo###ound.net
- DNS ASK th###hand.net
- DNS ASK si###eat.net
- DNS ASK ro###ince.net
- DNS ASK ro###eat.net
- DNS ASK ro###appy.net
- DNS ASK si###appy.net
- DNS ASK mo###appy.net
- DNS ASK ju###appy.net
- DNS ASK si###age.net
- DNS ASK si###ince.net
- DNS ASK ro###age.net
- DNS ASK so###age.net
- DNS ASK pi###appy.net
- DNS ASK so###appy.net
- DNS ASK ab###age.net
- DNS ASK ab###ince.net
- DNS ASK kn###age.net
- DNS ASK so###ince.net
- DNS ASK pi###age.net
- DNS ASK pi###ince.net
- DNS ASK pi###eat.net
- DNS ASK so###eat.net
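- '23#.#55.255.250':1900 (port 1900 is the SSDP/UPnP discovery port, and the masked address is consistent with the SSDP multicast group 239.255.255.250; if so, this entry is local-network discovery traffic rather than a connection to a remote host — likely, but not confirmed by this list)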