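Technical Information
Note: the entries below appear without group labels. Read in order, they are registry autorun and service settings, process command lines, file paths, host:port connections, request URLs and DNS queries. The `#` characters mask part of each domain, URL and address, so the network entries are partial values and cannot be matched literally.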
- [<HKLM>\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] 'Hardware Program Log Services' = '<SYSTEM32>\bcuazme.exe'
- %HOMEPATH%\Start Menu\Programs\Startup\bcuazme.exe
- [<HKLM>\SYSTEM\ControlSet001\Services\Tunneling Driver Extensible] 'Start' = '00000002'
- Windows Security Center
- '<SYSTEM32>\rqyezabax.exe' "<SYSTEM32>\bcuazme.exe"
- '%WINDIR%\Temp\fidflk3xopma.exe' -r 34630 tcp
- '%TEMP%\fidflk3ui4mgrzzkjc.exe'
- '<SYSTEM32>\bcuazme.exe'
- <SYSTEM32>\slneybc\run
- <SYSTEM32>\slneybc\rng
- <SYSTEM32>\slneybc\cfg
- <SYSTEM32>\slneybc\por
- %WINDIR%\Temp\fidflk3xopma.exe
- %TEMP%\fidflk3ui4mgrzzkjc.exe
- <SYSTEM32>\slneybc\tst
- <SYSTEM32>\slneybc\etc
- <SYSTEM32>\rqyezabax.exe
- <SYSTEM32>\bcuazme.exe
- <SYSTEM32>\rqyezabax.exe
- <SYSTEM32>\bcuazme.exe
- %WINDIR%\Temp\fidflk3xopma.exe
- %TEMP%\fidflk3ui4mgrzzkjc.exe
- <DRIVERS>\etc\hosts
- 'th###plain.net':80
- 'th###step.net':80
- 'th###black.net':80
- 'th###grown.net':80
- 'lo###rown.net':80
- 'fe###rown.net':80
- 'lo###lack.net':80
- 'fe###lack.net':80
- 'wi###rown.net':80
- 'dr###grown.net':80
- 'wi###lack.net':80
- 'dr###black.net':80
- 'wi###tep.net':80
- 'dr###step.net':80
- 'wi###lain.net':80
- 'dr###plain.net':80
- 'lo###lain.net':80
- 'vi###mojo.com':80
- 'mo###uia.com':80
- 'hi###lain.net':80
- 'am###stol.com':80
- 'el#####arimagine.com':80
- 'do####club-grup.com':80
- 'mo###itio.com':80
- 'ja###uter.com':80
- 'fe###tep.net':80
- 'wh###lack.net':80
- 'fe###lain.net':80
- 'lo###tep.net':80
- 'hi###rown.net':80
- 'wh###lain.net':80
- 'hi###lack.net':80
- 'wh###rown.net':80
- th###plain.net/forum/search.php?me#########################################
- th###step.net/forum/search.php?me#########################################
- th###black.net/forum/search.php?me#########################################
- th###grown.net/forum/search.php?me#########################################
- lo###rown.net/forum/search.php?me#########################################
- fe###rown.net/forum/search.php?me#########################################
- lo###lack.net/forum/search.php?me#########################################
- fe###lack.net/forum/search.php?me#########################################
- wi###rown.net/forum/search.php?me#########################################
- dr###grown.net/forum/search.php?me#########################################
- wi###lack.net/forum/search.php?me#########################################
- dr###black.net/forum/search.php?me#########################################
- wi###tep.net/forum/search.php?me#########################################
- dr###step.net/forum/search.php?me#########################################
- wi###lain.net/forum/search.php?me#########################################
- dr###plain.net/forum/search.php?me#########################################
- lo###lain.net/forum/search.php?me#########################################
- vi###mojo.com/forum/search.php?me#########################################
- mo###uia.com/forum/search.php?me#########################################
- hi###lain.net/forum/search.php?me#########################################
- am###stol.com/forum/search.php?me#########################################
- el#####arimagine.com/forum/search.php?me#########################################
- do####club-grup.com/forum/search.php?me#########################################
- mo###itio.com/forum/search.php?me#########################################
- ja###uter.com/forum/search.php?me#########################################
- fe###tep.net/forum/search.php?me#########################################
- wh###lack.net/forum/search.php?me#########################################
- fe###lain.net/forum/search.php?me#########################################
- lo###tep.net/forum/search.php?me#########################################
- hi###rown.net/forum/search.php?me#########################################
- wh###lain.net/forum/search.php?me#########################################
- hi###lack.net/forum/search.php?me#########################################
- wh###rown.net/forum/search.php?me#########################################
- DNS ASK th###step.net
- DNS ASK lo###lack.net
- DNS ASK th###grown.net
- DNS ASK th###plain.net
- DNS ASK fe###rown.net
- DNS ASK kn###orm.net
- DNS ASK fe###lack.net
- DNS ASK lo###rown.net
- DNS ASK th###black.net
- DNS ASK wi###rown.net
- DNS ASK dr###grown.net
- DNS ASK wi###lack.net
- DNS ASK dr###black.net
- DNS ASK wi###tep.net
- DNS ASK dr###step.net
- DNS ASK wi###lain.net
- DNS ASK dr###plain.net
- DNS ASK mo###uia.com
- DNS ASK mo###itio.com
- DNS ASK am###stol.com
- DNS ASK vi###mojo.com
- DNS ASK do####club-grup.com
- DNS ASK lo###lain.net
- DNS ASK ja###uter.com
- DNS ASK el#####arimagine.com
- DNS ASK hi###lain.net
- DNS ASK fe###tep.net
- DNS ASK wh###lack.net
- DNS ASK fe###lain.net
- DNS ASK lo###tep.net
- DNS ASK hi###rown.net
- DNS ASK wh###lain.net
- DNS ASK hi###lack.net
- DNS ASK wh###rown.net
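- '23#.#55.255.250':1900 (the masked address and port are consistent with the SSDP/UPnP multicast group 239.255.255.250:1900; this traffic is common on Windows hosts, so on its own it is a weak indicator)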