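Technical Information
Note: the '#' characters in the host names below appear to be the publisher's masking of part of each domain, so these entries are partial patterns rather than complete domain names that can be matched exactly.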
- [<HKLM>\System\CurrentControlSet\Services\Provider Distributed Storage] 'Start' = '00000002' (Start value 2 means the service starts automatically at boot)
- [<HKLM>\System\CurrentControlSet\Services\Provider Distributed Storage] 'ImagePath' = 'C:\pnnfjhuixyw\vzqwimmpif.exe'
- Service 'Provider Distributed Storage': C:\pnnfjhuixyw\vzqwimmpif.exe
- %WINDIR%\pnnfjhuixyw\xeccqdzlkj
- C:\pnnfjhuixyw\xeccqdzlkj
- C:\pnnfjhuixyw\wwynup7x8kglvwktovvt3.exe
- C:\pnnfjhuixyw\vzqwimmpif.exe
- C:\pnnfjhuixyw\doyjcabrt.exe
- C:\pnnfjhuixyw\vzqwimmpif.exe
- C:\pnnfjhuixyw\doyjcabrt.exe
- %WINDIR%\pnnfjhuixyw\xeccqdzlkj
- C:\pnnfjhuixyw\wwynup7x8kglvwktovvt3.exe
- %WINDIR%\pnnfjhuixyw\xeccqdzlkj
- 'fr###nature.net':80
- 'ex#####ncenature.net':80
- 'fo####needle.net':80
- 'wo###enough.net':80
- 'fr####ompany.net':80
- http://fr###nature.net/index.php
- http://ex#####ncenature.net/index.php
- http://fo####needle.net/index.php
- http://wo###enough.net/index.php
- http://fr####ompany.net/index.php
- DNS ASK pa####omplete.net
- DNS ASK fi###enough.net
- DNS ASK pa###enough.net
- DNS ASK fi###needle.net
- DNS ASK pa###needle.net
- DNS ASK fi###nature.net
- DNS ASK pa###nature.net
- DNS ASK sm###govern.net
- DNS ASK wo###govern.net
- DNS ASK pa###govern.net
- DNS ASK sm###enough.net
- DNS ASK sm###needle.net
- DNS ASK wo###needle.net
- DNS ASK sm###nature.net
- DNS ASK wo###nature.net
- DNS ASK wa###govern.net
- DNS ASK th####tgovern.net
- DNS ASK wa###enough.net
- DNS ASK th####tenough.net
- DNS ASK wo###enough.net
- DNS ASK fi###govern.net
- DNS ASK fr####urther.net
- DNS ASK ex#####ncefurther.net
- DNS ASK fo####become.net
- DNS ASK me###rcover.net
- DNS ASK fo###wcover.net
- DNS ASK me####further.net
- DNS ASK fo####further.net
- DNS ASK al####ycompany.net
- DNS ASK ge#####ancompany.net
- DNS ASK al####ybecome.net
- DNS ASK ge####manbecome.net
- DNS ASK al####ycover.net
- DNS ASK ge####mancover.net
- DNS ASK al####yfurther.net
- DNS ASK ge#####anfurther.net
- DNS ASK ex#####ncecompany.net
- DNS ASK fr####ompany.net
- DNS ASK ex#####ncebecome.net
- DNS ASK fr###become.net
- DNS ASK ex####encecover.net
- DNS ASK fr###cover.net
- DNS ASK wa###needle.net
- DNS ASK me####become.net
- DNS ASK th####tneedle.net
- DNS ASK th####tnature.net
- DNS ASK fo####nature.net
- DNS ASK al####ygovern.net
- DNS ASK ge####mangovern.net
- DNS ASK al####yenough.net
- DNS ASK ge####manenough.net
- DNS ASK al####yneedle.net
- DNS ASK ge####manneedle.net
- DNS ASK al####ynature.net
- DNS ASK me####nature.net
- DNS ASK ge####mannature.net
- DNS ASK fr###govern.net
- DNS ASK ex#####nceenough.net
- DNS ASK fr###enough.net
- DNS ASK ex#####nceneedle.net
- DNS ASK fr###needle.net
- DNS ASK ex#####ncenature.net
- DNS ASK fr###nature.net
- DNS ASK fi####omplete.net
- DNS ASK ex#####ncegovern.net
- DNS ASK fo####needle.net
- DNS ASK me####needle.net
- DNS ASK fo####enough.net
- DNS ASK cr###govern.net
- DNS ASK su####govern.net
- DNS ASK cr###enough.net
- DNS ASK su####enough.net
- DNS ASK cr###needle.net
- DNS ASK su####needle.net
- DNS ASK cr###nature.net
- DNS ASK su####nature.net
- DNS ASK kn###govern.net
- DNS ASK be###govern.net
- DNS ASK kn###enough.net
- DNS ASK be###enough.net
- DNS ASK kn###needle.net
- DNS ASK be###needle.net
- DNS ASK kn###nature.net
- DNS ASK be###nature.net
- DNS ASK me####govern.net
- DNS ASK fo####govern.net
- DNS ASK me####enough.net
- DNS ASK wa###nature.net
- DNS ASK fo####company.net
- 'C:\pnnfjhuixyw\wwynup7x8kglvwktovvt3.exe'
- 'C:\pnnfjhuixyw\vzqwimmpif.exe'
- 'C:\pnnfjhuixyw\doyjcabrt.exe' "c:\pnnfjhuixyw\vzqwimmpif.exe"