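Technical Information
(The section headings of the original report are missing from this copy. The entries below run together in this order: a registry autorun value, a Windows component name, process command lines, file-system paths, network endpoints, HTTP requests and DNS queries. Some paths repeat, presumably because they were listed under separate headings.)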
- Autorun registry value (machine-wide Run key, started at every user logon): [<HKLM>\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] 'Experience Link-Layer User' = '<SYSTEM32>\zicklowyhdbe.exe'
- Windows Security Center
- '<SYSTEM32>\ndsndxjipcq.exe' "<SYSTEM32>\zicklowyhdbe.exe"
- '%TEMP%\w0gafa31x1c0jvz.exe' -r 40202 tcp
- '%TEMP%\w0gafa2wfjc0jvzqkb7wc.exe'
- '<SYSTEM32>\zicklowyhdbe.exe'
- <SYSTEM32>\elwbupoy\run
- <SYSTEM32>\elwbupoy\rng
- %TEMP%\w0gafa31x1c0jvz.exe
- <SYSTEM32>\elwbupoy\cfg
- <SYSTEM32>\ndsndxjipcq.exe
- %TEMP%\w0gafa2wfjc0jvzqkb7wc.exe
- <SYSTEM32>\elwbupoy\tst
- <SYSTEM32>\zicklowyhdbe.exe
- <SYSTEM32>\elwbupoy\etc
- <SYSTEM32>\ndsndxjipcq.exe
- <SYSTEM32>\zicklowyhdbe.exe
- %TEMP%\w0gafa31x1c0jvz.exe
- <DRIVERS>\etc\hosts
- %TEMP%\w0gafa2wfjc0jvzqkb7wc.exe
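- TCP port 80 endpoints follow. The '#' characters appear to be masking applied by the report, not part of the names. The many similar two-word .net names suggest algorithmically generated domains, so detection should key on the pattern and the shared /index.php request rather than on any single name.
- 'wi###ont.net':80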
- 'du###ont.net':80
- 'du###reat.net':80
- 'du###cene.net':80
- 'wi###reat.net':80
- 'si###scene.net':80
- 'th###great.net':80
- 'th###scene.net':80
- 'th###aunt.net':80
- 'si###aunt.net':80
- 'mi###reat.net':80
- 'tr###great.net':80
- 'tr###scene.net':80
- 'tr###aunt.net':80
- 'mi###cene.net':80
- 'du###unt.net':80
- 'wi###cene.net':80
- 'wi###unt.net':80
- 'mi###ont.net':80
- 'tr###dont.net':80
- 'qu###scene.net':80
- 'th###cene.net':80
- 'th###unt.net':80
- 'he###ont.net':80
- 'qu###aunt.net':80
- 'th###ont.net':80
- 'su###yaunt.net':80
- 'qu###dont.net':80
- 'qu###great.net':80
- 'th###reat.net':80
- 'ca###unt.net':80
- 'he###unt.net':80
- 'si###dont.net':80
- 'si###great.net':80
- 'th###dont.net':80
- 'he###reat.net':80
- 'ca###ont.net':80
- 'ca###reat.net':80
- 'ca###cene.net':80
- 'he###cene.net':80
- 'qu###they.net':80
- 'th###hey.net':80
- 'th###ight.net':80
- 'be##lxc.com':80
- 'qu###eight.net':80
- 'mo###ive.net':80
- 'su###yeight.net':80
- 'su###yfive.net':80
- 'su###yvoice.net':80
- 'mo###oice.net':80
- 'mi###hown.net':80
- 'ab###ell.net':80
- 'mo###ugust.net':80
- 'cr#####onaraminta.net':80
- 'le###form.net':80
- 'al###being.net':80
- 'ri###nstorm.net':80
- 'ca####nbring.net':80
- 'mo###olor.net':80
- 'pr####tbottom.net':80
- 'cl###five.net':80
- 'da###ive.net':80
- 'da###oice.net':80
- 'si###hey.net':80
- 'cl###voice.net':80
- 'da###hey.net':80
- 'mi###unt.net':80
- 'cl###they.net':80
- 'cl###eight.net':80
- 'da###ight.net':80
- 'me###oice.net':80
- 'si###oice.net':80
- 'mo###hey.net':80
- 'mo###ight.net':80
- 'su###ythey.net':80
- 'si###ight.net':80
- 'me###hey.net':80
- 'me###ight.net':80
- 'me###ive.net':80
- 'si###ive.net':80
- http://wi###ont.net/index.php
- http://du###ont.net/index.php
- http://du###reat.net/index.php
- http://du###cene.net/index.php
- http://wi###reat.net/index.php
- http://si###scene.net/index.php
- http://th###great.net/index.php
- http://th###scene.net/index.php
- http://th###aunt.net/index.php
- http://si###aunt.net/index.php
- http://mi###reat.net/index.php
- http://tr###great.net/index.php
- http://tr###scene.net/index.php
- http://tr###aunt.net/index.php
- http://mi###cene.net/index.php
- http://du###unt.net/index.php
- http://wi###cene.net/index.php
- http://wi###unt.net/index.php
- http://mi###ont.net/index.php
- http://tr###dont.net/index.php
- http://qu###scene.net/index.php
- http://th###cene.net/index.php
- http://th###unt.net/index.php
- http://he###ont.net/index.php
- http://qu###aunt.net/index.php
- http://th###ont.net/index.php
- http://su###yaunt.net/index.php
- http://qu###dont.net/index.php
- http://qu###great.net/index.php
- http://th###reat.net/index.php
- http://ca###unt.net/index.php
- http://he###unt.net/index.php
- http://si###dont.net/index.php
- http://si###great.net/index.php
- http://th###dont.net/index.php
- http://he###reat.net/index.php
- http://ca###ont.net/index.php
- http://ca###reat.net/index.php
- http://ca###cene.net/index.php
- http://he###cene.net/index.php
- http://qu###they.net/index.php
- http://th###hey.net/index.php
- http://th###ight.net/index.php
- http://be##lxc.com/index.php
- http://qu###eight.net/index.php
- http://mo###ive.net/index.php
- http://su###yeight.net/index.php
- http://su###yfive.net/index.php
- http://su###yvoice.net/index.php
- http://mo###oice.net/index.php
- http://mi###hown.net/index.php
- http://ab###ell.net/index.php
- http://mo###ugust.net/index.php
- http://cr#####onaraminta.net/index.php
- http://le###form.net/index.php
- http://al###being.net/index.php
- http://ri###nstorm.net/index.php
- http://ca####nbring.net/index.php
- http://mo###olor.net/index.php
- http://pr####tbottom.net/index.php
- http://cl###five.net/index.php
- http://da###ive.net/index.php
- http://da###oice.net/index.php
- http://si###hey.net/index.php
- http://cl###voice.net/index.php
- http://da###hey.net/index.php
- http://mi###unt.net/index.php
- http://cl###they.net/index.php
- http://cl###eight.net/index.php
- http://da###ight.net/index.php
- http://me###oice.net/index.php
- http://si###oice.net/index.php
- http://mo###hey.net/index.php
- http://mo###ight.net/index.php
- http://su###ythey.net/index.php
- http://si###ight.net/index.php
- http://me###hey.net/index.php
- http://me###ight.net/index.php
- http://me###ive.net/index.php
- http://si###ive.net/index.php
- DNS ASK wi###ont.net
- DNS ASK du###ont.net
- DNS ASK du###reat.net
- DNS ASK du###cene.net
- DNS ASK wi###reat.net
- DNS ASK si###scene.net
- DNS ASK th###great.net
- DNS ASK th###scene.net
- DNS ASK th###aunt.net
- DNS ASK si###aunt.net
- DNS ASK mi###reat.net
- DNS ASK tr###great.net
- DNS ASK tr###scene.net
- DNS ASK tr###aunt.net
- DNS ASK mi###cene.net
- DNS ASK du###unt.net
- DNS ASK wi###cene.net
- DNS ASK wi###unt.net
- DNS ASK mi###ont.net
- DNS ASK tr###dont.net
- DNS ASK si###great.net
- DNS ASK th###cene.net
- DNS ASK qu###great.net
- DNS ASK qu###scene.net
- DNS ASK qu###aunt.net
- DNS ASK th###unt.net
- DNS ASK su###yaunt.net
- DNS ASK mo###unt.net
- DNS ASK th###ont.net
- DNS ASK th###reat.net
- DNS ASK qu###dont.net
- DNS ASK he###unt.net
- DNS ASK ca###cene.net
- DNS ASK ca###unt.net
- DNS ASK th###dont.net
- DNS ASK si###dont.net
- DNS ASK ca###ont.net
- DNS ASK he###ont.net
- DNS ASK he###reat.net
- DNS ASK he###cene.net
- DNS ASK ca###reat.net
- DNS ASK qu###they.net
- DNS ASK th###hey.net
- DNS ASK th###ight.net
- DNS ASK be##lxc.com
- DNS ASK qu###eight.net
- DNS ASK mo###ive.net
- DNS ASK su###yeight.net
- DNS ASK su###yfive.net
- DNS ASK su###yvoice.net
- DNS ASK mo###oice.net
- DNS ASK mi###hown.net
- DNS ASK ab###ell.net
- DNS ASK mo###ugust.net
- DNS ASK cr#####onaraminta.net
- DNS ASK le###form.net
- DNS ASK al###being.net
- DNS ASK ri###nstorm.net
- DNS ASK ca####nbring.net
- DNS ASK mo###olor.net
- DNS ASK pr####tbottom.net
- DNS ASK cl###five.net
- DNS ASK da###ive.net
- DNS ASK da###oice.net
- DNS ASK si###hey.net
- DNS ASK cl###voice.net
- DNS ASK da###hey.net
- DNS ASK mi###unt.net
- DNS ASK cl###they.net
- DNS ASK cl###eight.net
- DNS ASK da###ight.net
- DNS ASK me###oice.net
- DNS ASK si###oice.net
- DNS ASK mo###hey.net
- DNS ASK mo###ight.net
- DNS ASK su###ythey.net
- DNS ASK si###ight.net
- DNS ASK me###hey.net
- DNS ASK me###ight.net
- DNS ASK me###ive.net
- DNS ASK si###ive.net
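- '23#.#55.255.250':1900 (port 1900 is SSDP/UPnP discovery; the masked address is consistent with the SSDP multicast group, so this entry is probably local network discovery rather than a remote server)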