Technical Information
- [<HKLM>\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] 'Logon Web Enumerator' = '<SYSTEM32>\fnpbohzhu.exe'
- [<HKLM>\SYSTEM\ControlSet001\Services\Acquisition Procedure Shell Human] 'Start' = '00000002'
- Windows Security Center
- '<SYSTEM32>\ctkuddoofftq.exe' "<SYSTEM32>\fnpbohzhu.exe"
- '%WINDIR%\Temp\fkugtph3f61z1i.exe' -r 43620 tcp
- '%TEMP%\fkugtph3afwz1iy7zft1.exe'
- '<SYSTEM32>\fnpbohzhu.exe'
- <SYSTEM32>\brrjoevn\run
- <SYSTEM32>\brrjoevn\rng
- %WINDIR%\Temp\fkugtph3f61z1i.exe
- <SYSTEM32>\brrjoevn\cfg
- <SYSTEM32>\ctkuddoofftq.exe
- %TEMP%\fkugtph3afwz1iy7zft1.exe
- <SYSTEM32>\brrjoevn\tst
- <SYSTEM32>\fnpbohzhu.exe
- <SYSTEM32>\brrjoevn\etc
- <SYSTEM32>\ctkuddoofftq.exe
- <SYSTEM32>\fnpbohzhu.exe
- %WINDIR%\Temp\fkugtph3f61z1i.exe
- <DRIVERS>\etc\hosts
- %TEMP%\fkugtph3afwz1iy7zft1.exe
- 'mi###ount.net':80
- 'tr###count.net':80
- 'tr###fell.net':80
- 'tr###hour.net':80
- 'mi###ell.net':80
- 'du###our.net':80
- 'wi###ell.net':80
- 'wi###our.net':80
- 'wi###ompe.net':80
- 'du###ompe.net':80
- 'cl###dish.net':80
- 'da###ish.net':80
- 'da###arch.net':80
- 'da###ure.net':80
- 'cl###march.net':80
- 'tr###compe.net':80
- 'mi###our.net':80
- 'mi###ompe.net':80
- 'cl###july.net':80
- 'da###uly.net':80
- 'du###ell.net':80
- 'he###our.net':80
- 'ca###ell.net':80
- 'ca###our.net':80
- 'ca###ompe.net':80
- 'he###ompe.net':80
- 'qu###compe.net':80
- 'th###ompe.net':80
- 'he###ount.net':80
- 'he###ell.net':80
- 'ca###ount.net':80
- 'si###compe.net':80
- 'th###hour.net':80
- 'th###compe.net':80
- 'wi###ount.net':80
- 'du###ount.net':80
- 'th###count.net':80
- 'si###count.net':80
- 'si###fell.net':80
- 'si###hour.net':80
- 'th###fell.net':80
- 'cl###pure.net':80
- 'ca###ish.net':80
- 'he###ish.net':80
- 'he###arch.net':80
- 'he###ure.net':80
- 'ca###arch.net':80
- 'th###ure.net':80
- 'qu###march.net':80
- 'qu###pure.net':80
- 'ca###uly.net':80
- 'he###uly.net':80
- 'de###lxc.com':80
- 'si###march.net':80
- 'be##lxc.com':80
- 'ri###nstorm.net':80
- 'af###sllc.com':80
- 'si###july.net':80
- 'ca###ure.net':80
- 'th###july.net':80
- 'th###dish.net':80
- 'si###dish.net':80
- 'th###arch.net':80
- 'si###ure.net':80
- 'me###arch.net':80
- 'me###ure.net':80
- 'su###yjuly.net':80
- 'mo###uly.net':80
- 'me###uly.net':80
- 'si###uly.net':80
- 'si###ish.net':80
- 'si###arch.net':80
- 'me###ish.net':80
- 'th###uly.net':80
- 'su###ypure.net':80
- 'qu###july.net':80
- 'qu###dish.net':80
- 'th###ish.net':80
- 'su###ydish.net':80
- 'mo###ish.net':80
- 'mo###arch.net':80
- 'mo###ure.net':80
- 'su###ymarch.net':80
- http://mi###ount.net/index.php
- http://tr###count.net/index.php
- http://tr###fell.net/index.php
- http://tr###hour.net/index.php
- http://mi###ell.net/index.php
- http://du###our.net/index.php
- http://wi###ell.net/index.php
- http://wi###our.net/index.php
- http://wi###ompe.net/index.php
- http://du###ompe.net/index.php
- http://cl###dish.net/index.php
- http://da###ish.net/index.php
- http://da###arch.net/index.php
- http://da###ure.net/index.php
- http://cl###march.net/index.php
- http://tr###compe.net/index.php
- http://mi###our.net/index.php
- http://mi###ompe.net/index.php
- http://cl###july.net/index.php
- http://da###uly.net/index.php
- http://du###ell.net/index.php
- http://he###our.net/index.php
- http://ca###ell.net/index.php
- http://ca###our.net/index.php
- http://ca###ompe.net/index.php
- http://he###ompe.net/index.php
- http://qu###compe.net/index.php
- http://th###ompe.net/index.php
- http://he###ount.net/index.php
- http://he###ell.net/index.php
- http://ca###ount.net/index.php
- http://si###compe.net/index.php
- http://th###hour.net/index.php
- http://th###compe.net/index.php
- http://wi###ount.net/index.php
- http://du###ount.net/index.php
- http://th###count.net/index.php
- http://si###count.net/index.php
- http://si###fell.net/index.php
- http://si###hour.net/index.php
- http://th###fell.net/index.php
- http://cl###pure.net/index.php
- http://ca###ish.net/index.php
- http://he###ish.net/index.php
- http://he###arch.net/index.php
- http://he###ure.net/index.php
- http://ca###arch.net/index.php
- http://th###ure.net/index.php
- http://qu###march.net/index.php
- http://qu###pure.net/index.php
- http://ca###uly.net/index.php
- http://he###uly.net/index.php
- http://de###lxc.com/index.php
- http://si###march.net/index.php
- http://be##lxc.com/index.php
- http://ri###nstorm.net/index.php
- http://af###sllc.com/index.php
- http://si###july.net/index.php
- http://ca###ure.net/index.php
- http://th###july.net/index.php
- http://th###dish.net/index.php
- http://si###dish.net/index.php
- http://th###arch.net/index.php
- http://si###ure.net/index.php
- http://me###arch.net/index.php
- http://me###ure.net/index.php
- http://su###yjuly.net/index.php
- http://mo###uly.net/index.php
- http://me###uly.net/index.php
- http://si###uly.net/index.php
- http://si###ish.net/index.php
- http://si###arch.net/index.php
- http://me###ish.net/index.php
- http://th###uly.net/index.php
- http://su###ypure.net/index.php
- http://qu###july.net/index.php
- http://qu###dish.net/index.php
- http://th###ish.net/index.php
- http://su###ydish.net/index.php
- http://mo###ish.net/index.php
- http://mo###arch.net/index.php
- http://mo###ure.net/index.php
- http://su###ymarch.net/index.php
- DNS ASK mi###ount.net
- DNS ASK tr###count.net
- DNS ASK tr###fell.net
- DNS ASK tr###hour.net
- DNS ASK mi###ell.net
- DNS ASK du###our.net
- DNS ASK wi###ell.net
- DNS ASK wi###our.net
- DNS ASK wi###ompe.net
- DNS ASK du###ompe.net
- DNS ASK mi###our.net
- DNS ASK da###arch.net
- DNS ASK cl###dish.net
- DNS ASK cl###march.net
- DNS ASK cl###pure.net
- DNS ASK da###ure.net
- DNS ASK mi###ompe.net
- DNS ASK tr###compe.net
- DNS ASK da###uly.net
- DNS ASK da###ish.net
- DNS ASK cl###july.net
- DNS ASK he###our.net
- DNS ASK ca###ell.net
- DNS ASK ca###our.net
- DNS ASK ca###ompe.net
- DNS ASK he###ompe.net
- DNS ASK qu###compe.net
- DNS ASK th###ompe.net
- DNS ASK he###ount.net
- DNS ASK he###ell.net
- DNS ASK ca###ount.net
- DNS ASK si###count.net
- DNS ASK th###compe.net
- DNS ASK si###compe.net
- DNS ASK du###ount.net
- DNS ASK du###ell.net
- DNS ASK wi###ount.net
- DNS ASK si###fell.net
- DNS ASK th###count.net
- DNS ASK th###fell.net
- DNS ASK th###hour.net
- DNS ASK si###hour.net
- DNS ASK ca###ish.net
- DNS ASK he###ish.net
- DNS ASK he###arch.net
- DNS ASK he###ure.net
- DNS ASK ca###arch.net
- DNS ASK th###ure.net
- DNS ASK qu###march.net
- DNS ASK qu###pure.net
- DNS ASK ca###uly.net
- DNS ASK he###uly.net
- DNS ASK de###lxc.com
- DNS ASK si###march.net
- DNS ASK be##lxc.com
- DNS ASK ri###nstorm.net
- DNS ASK af###sllc.com
- DNS ASK si###july.net
- DNS ASK ca###ure.net
- DNS ASK th###july.net
- DNS ASK th###dish.net
- DNS ASK si###dish.net
- DNS ASK th###arch.net
- DNS ASK si###ure.net
- DNS ASK me###arch.net
- DNS ASK me###ure.net
- DNS ASK su###yjuly.net
- DNS ASK mo###uly.net
- DNS ASK me###uly.net
- DNS ASK si###uly.net
- DNS ASK si###ish.net
- DNS ASK si###arch.net
- DNS ASK me###ish.net
- DNS ASK th###uly.net
- DNS ASK su###ypure.net
- DNS ASK qu###july.net
- DNS ASK qu###dish.net
- DNS ASK th###ish.net
- DNS ASK su###ydish.net
- DNS ASK mo###ish.net
- DNS ASK mo###arch.net
- DNS ASK mo###ure.net
- DNS ASK su###ymarch.net
- '23#.#55.255.250':1900