Technical Information
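- [<HKLM>\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] 'PnP-X KtmRm Publication Remote Routing' = '<SYSTEM32>\ugpnunfj.exe'
- [<HKLM>\SYSTEM\ControlSet001\Services\Application Resolution Session Encryption] 'ImagePath' = '<SYSTEM32>\ugpnunfj.exe'
- [<HKLM>\SYSTEM\ControlSet001\Services\Application Resolution Session Encryption] 'Start' = '00000002'
  (Both the Run value and the service entry point at '<SYSTEM32>\ugpnunfj.exe'. A service 'Start' value of 2 means automatic start at boot, so the same file is launched at logon and as an auto-start service. The value name and service name are made to look like Windows components; check the image path, not the display name.)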
- Windows Security Center
- '<SYSTEM32>\zlqdxjcpcwh.exe' "<SYSTEM32>\ugpnunfj.exe"
- '%WINDIR%\Temp\stdccyr2yrrrne9.exe' -r 26984 tcp
- '%TEMP%\stdccyr2px6rne9uoxq7f.exe'
- '<SYSTEM32>\ugpnunfj.exe'
- <SYSTEM32>\cvvzbrtgclgn\run
- <SYSTEM32>\cvvzbrtgclgn\rng
- %WINDIR%\Temp\stdccyr2yrrrne9.exe
- <SYSTEM32>\cvvzbrtgclgn\cfg
- <SYSTEM32>\zlqdxjcpcwh.exe
- %TEMP%\stdccyr2px6rne9uoxq7f.exe
- <SYSTEM32>\cvvzbrtgclgn\tst
- <SYSTEM32>\ugpnunfj.exe
- <SYSTEM32>\cvvzbrtgclgn\etc
- <SYSTEM32>\zlqdxjcpcwh.exe
- <SYSTEM32>\ugpnunfj.exe
- %WINDIR%\Temp\stdccyr2yrrrne9.exe
- <DRIVERS>\etc\hosts
- %TEMP%\stdccyr2px6rne9uoxq7f.exe
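  (In the host names below, the '#' characters appear to be masking applied by the publisher of this report. The entries therefore cannot be used as exact-match indicators; obtain the unmasked names from the original report before building blocklists or detections.)
- 've###asy.net':80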
- 'pi###them.net':80
- 've#####siderable.net':80
- 'we###asy.net':80
- 'mu###hem.net':80
- 'pi#####nsiderable.net':80
- 'mu#####siderable.net':80
- 'pi###best.net':80
- 'mu###est.net':80
- 'we#####siderable.net':80
- 'fa#####siderable.net':80
- 'to###asy.net':80
- 'fa###est.net':80
- 'to#####siderable.net':80
- 'fa###asy.net':80
- 'we###est.net':80
- 've###est.net':80
- 'we###hem.net':80
- 've###hem.net':80
- 'pi###easy.net':80
- 'yo###ool.net':80
- 'tr###light.net':80
- 'yo###oes.net':80
- 'tr###fool.net':80
- 'yo###ight.net':80
- 'lr###goes.net':80
- 'vi###oes.net':80
- 'tr###gone.net':80
- 'yo###one.net':80
- 'tr###goes.net':80
- 'ta###hem.net':80
- 'wa###est.net':80
- 'mu###asy.net':80
- 'wa###hem.net':80
- 'ta###est.net':80
- 'wa###asy.net':80
- 'ta###asy.net':80
- 'wa#####siderable.net':80
- 'ta#####siderable.net':80
- 'lr###them.net':80
- 'vi###hem.net':80
- 'be##lxc.com':80
- 'yo###asy.net':80
- 'lr###best.net':80
- 'vi#####siderable.net':80
- 'lr###easy.net':80
- 'vi###est.net':80
- 'lr#####nsiderable.net':80
- 'ri###nstorm.net':80
- 'mo###ugust.net':80
- 'mi###hown.net':80
- 'cr#####onaraminta.net':80
- 'le###form.net':80
- 'ab###ell.net':80
- 'ca####nbring.net':80
- 'al###being.net':80
- 'mo###olor.net':80
- 'pr####tbottom.net':80
- 'vi###asy.net':80
- 'se#####nsiderable.net':80
- 'le#####nsiderable.net':80
- 'se###best.net':80
- 'le###best.net':80
- 'se###easy.net':80
- 'fa###hem.net':80
- 'to###est.net':80
- 'le###easy.net':80
- 'to###hem.net':80
- 'le###them.net':80
- 'pl###best.net':80
- 'fi###est.net':80
- 'pl###them.net':80
- 'fi###hem.net':80
- 'pl#####nsiderable.net':80
- 'fi###asy.net':80
- 'se###them.net':80
- 'fi#####siderable.net':80
- 'pl###easy.net':80
- http://ve###asy.net/index.php
- http://pi###them.net/index.php
- http://ve#####siderable.net/index.php
- http://we###asy.net/index.php
- http://mu###hem.net/index.php
- http://pi#####nsiderable.net/index.php
- http://mu#####siderable.net/index.php
- http://pi###best.net/index.php
- http://mu###est.net/index.php
- http://we#####siderable.net/index.php
- http://fa#####siderable.net/index.php
- http://to###asy.net/index.php
- http://fa###est.net/index.php
- http://to#####siderable.net/index.php
- http://fa###asy.net/index.php
- http://we###est.net/index.php
- http://ve###est.net/index.php
- http://we###hem.net/index.php
- http://ve###hem.net/index.php
- http://pi###easy.net/index.php
- http://yo###ool.net/index.php
- http://tr###light.net/index.php
- http://yo###oes.net/index.php
- http://tr###fool.net/index.php
- http://yo###ight.net/index.php
- http://lr###goes.net/index.php
- http://vi###oes.net/index.php
- http://tr###gone.net/index.php
- http://yo###one.net/index.php
- http://tr###goes.net/index.php
- http://ta###hem.net/index.php
- http://wa###est.net/index.php
- http://mu###asy.net/index.php
- http://wa###hem.net/index.php
- http://ta###est.net/index.php
- http://wa###asy.net/index.php
- http://ta###asy.net/index.php
- http://wa#####siderable.net/index.php
- http://ta#####siderable.net/index.php
- http://lr###them.net/index.php
- http://vi###hem.net/index.php
- http://be##lxc.com/index.php
- http://yo###asy.net/index.php
- http://lr###best.net/index.php
- http://vi#####siderable.net/index.php
- http://lr###easy.net/index.php
- http://vi###est.net/index.php
- http://lr#####nsiderable.net/index.php
- http://ri###nstorm.net/index.php
- http://mo###ugust.net/index.php
- http://mi###hown.net/index.php
- http://cr#####onaraminta.net/index.php
- http://le###form.net/index.php
- http://ab###ell.net/index.php
- http://ca####nbring.net/index.php
- http://al###being.net/index.php
- http://mo###olor.net/index.php
- http://pr####tbottom.net/index.php
- http://vi###asy.net/index.php
- http://se#####nsiderable.net/index.php
- http://le#####nsiderable.net/index.php
- http://se###best.net/index.php
- http://le###best.net/index.php
- http://se###easy.net/index.php
- http://fa###hem.net/index.php
- http://to###est.net/index.php
- http://le###easy.net/index.php
- http://to###hem.net/index.php
- http://le###them.net/index.php
- http://pl###best.net/index.php
- http://fi###est.net/index.php
- http://pl###them.net/index.php
- http://fi###hem.net/index.php
- http://pl#####nsiderable.net/index.php
- http://fi###asy.net/index.php
- http://se###them.net/index.php
- http://fi#####siderable.net/index.php
- http://pl###easy.net/index.php
- DNS ASK pi###them.net
- DNS ASK mu###hem.net
- DNS ASK ve###asy.net
- DNS ASK ve#####siderable.net
- DNS ASK we###asy.net
- DNS ASK mu#####siderable.net
- DNS ASK pi###easy.net
- DNS ASK pi#####nsiderable.net
- DNS ASK pi###best.net
- DNS ASK mu###est.net
- DNS ASK to###asy.net
- DNS ASK fa###asy.net
- DNS ASK fa#####siderable.net
- DNS ASK fa###est.net
- DNS ASK to#####siderable.net
- DNS ASK ve###est.net
- DNS ASK we#####siderable.net
- DNS ASK we###est.net
- DNS ASK we###hem.net
- DNS ASK ve###hem.net
- DNS ASK tr###light.net
- DNS ASK yo###ight.net
- DNS ASK yo###ool.net
- DNS ASK yo###oes.net
- DNS ASK tr###fool.net
- DNS ASK vi###oes.net
- DNS ASK lr###fool.net
- DNS ASK lr###goes.net
- DNS ASK tr###gone.net
- DNS ASK yo###one.net
- DNS ASK wa###est.net
- DNS ASK ta###est.net
- DNS ASK ta###hem.net
- DNS ASK mu###asy.net
- DNS ASK wa###hem.net
- DNS ASK ta###asy.net
- DNS ASK tr###goes.net
- DNS ASK wa###asy.net
- DNS ASK wa#####siderable.net
- DNS ASK ta#####siderable.net
- DNS ASK lr###them.net
- DNS ASK vi###hem.net
- DNS ASK be##lxc.com
- DNS ASK yo###asy.net
- DNS ASK lr###best.net
- DNS ASK vi#####siderable.net
- DNS ASK lr###easy.net
- DNS ASK vi###est.net
- DNS ASK lr#####nsiderable.net
- DNS ASK ri###nstorm.net
- DNS ASK mo###ugust.net
- DNS ASK mi###hown.net
- DNS ASK cr#####onaraminta.net
- DNS ASK le###form.net
- DNS ASK ab###ell.net
- DNS ASK ca####nbring.net
- DNS ASK al###being.net
- DNS ASK mo###olor.net
- DNS ASK pr####tbottom.net
- DNS ASK vi###asy.net
- DNS ASK se#####nsiderable.net
- DNS ASK le#####nsiderable.net
- DNS ASK se###best.net
- DNS ASK le###best.net
- DNS ASK se###easy.net
- DNS ASK fa###hem.net
- DNS ASK to###est.net
- DNS ASK le###easy.net
- DNS ASK to###hem.net
- DNS ASK le###them.net
- DNS ASK pl###best.net
- DNS ASK fi###est.net
- DNS ASK pl###them.net
- DNS ASK fi###hem.net
- DNS ASK pl#####nsiderable.net
- DNS ASK fi###asy.net
- DNS ASK se###them.net
- DNS ASK fi#####siderable.net
- DNS ASK pl###easy.net
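- '23#.#55.255.250':1900
  (Port 1900 with an address of this shape is consistent with the SSDP/UPnP multicast group 239.255.255.250, which is ordinary local discovery traffic. Treat this entry as low-value for detection unless the unmasked address shows otherwise.)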