Technical Information
- [<HKCU>\Software\Microsoft\Windows\CurrentVersion\Run] 'ec525f4' = '%APPDATA%\ec525f4.exe'
- [<HKCU>\Software\Microsoft\Windows\CurrentVersion\Run] 'ec525f' = 'C:\ec525f4\ec525f4.exe'
- %HOMEPATH%\Start Menu\Programs\Startup\ec525f4.exe
- System Restore (SR)
- '<SYSTEM32>\vssadmin.exe' Delete Shadows /All /Quiet
- '<SYSTEM32>\svchost.exe' netsvcs
- '%WINDIR%\explorer.exe'
- <SYSTEM32>\svchost.exe
- %APPDATA%\ec525f4.exe
- C:\ec525f4\ec525f4.exe
- 'hi##ix.net':80
- 'ci####ineral.com':80
- 'fl##yak.org':80
- 'ch###log.net':80
- 'gh####owered.net':80
- 'pr####ioncheck.com':80
- 'ph###bic.com':80
- 'hg###ting.net':80
- 'it####xation.com':80
- '1t##buy.com':80
- 'an##hin.org':80
- 'fl####rguides.com':80
- 'se###dir.net':80
- 'le##m.com':80
- 'to###earn.com':80
- 'ou######emediaexpert.com':80
- 'pc##ter.com':80
- 'ma###nprew.com':80
- 'da###ngroup.com':80
- 'ke####anhnghiep.net':80
- 'sn##ns.org':80
- 'cy###s-host.com':80
- 'ba###ttech.com':80
- 'ju#####transparente.org':80
- 'co######forcaregivers.com':80
- 'ra###ma87.com':80
- 'my####rnalip.com':80
- 'ip##ddr.es':80
- 'cu###yip.com':80
- 'et####etport.com':80
- 'po##eva.com':80
- 'ja###gia.net':80
- 'ri##jel.com':80
- 'ki###ude.com':80
- 'bu###ova.com':80
- 're#####dauction.info':80
- 'te###rtone.com':80
- 'ho##ar.info':80
- 'fr###ie.net.ua':80
- 'av###esurs.net':80
- 'lz###ent.com':80
- 'ar####rading.com':80
- http://cu###yip.com/
- http://my####rnalip.com/raw
- http://ip##ddr.es/
- http://bu###ova.com/robustb/img3.php?q=############
- http://re#####dauction.info/wp-content/img3.php?r=############
- http://ki###ude.com/word/img1.php?n=############
- http://ri##jel.com/img4.php?k=############
- http://ph###bic.com/img1.php?k=############
- http://1t##buy.com/img2.php?x=############
- http://it####xation.com/img2.php?j=############
- http://pr####ioncheck.com/img5.php?d=############
- http://hg###ting.net/img1.php?c=############
- http://lz###ent.com/img4.php?s=############
- http://ju#####transparente.org/stoppagea/img2.php?d=############
- http://ra###ma87.com/img2.php?s=############
- http://ba###ttech.com/renew/img2.php?t=############
- http://cy###s-host.com/img5.php?v=############
- http://ja###gia.net/img5.php?a=############
- http://av###esurs.net/img4.php?y=############
- http://ar####rading.com/img3.php?a=############
- http://fr###ie.net.ua/img1.php?n=############
- http://ho##ar.info/img2.php?f=############
- http://ci####ineral.com/img/img2.php?r=############
- http://to###earn.com/img2.php?w=############
- http://po##eva.com/img4.php?f=############
- http://le##m.com/img1.php?y=############
- http://ou######emediaexpert.com/img3.php?f=############
- http://et####etport.com/img3.php?r=############
- http://ra###ma87.com/img2.php?e=############
- http://co######forcaregivers.com/img1.php?k=############
- http://ba###ttech.com/renew/img2.php?d=############
- http://ju#####transparente.org/stoppagea/img2.php?n=############
- http://fl####rguides.com/web-content/img1.php?q=############
- http://an##hin.org/misc/img5.php?d=############
- http://ma###nprew.com/slider/img5.php?e=############
- http://fl##yak.org/img4.php?t=############
- http://gh####owered.net/img3.php?t=############
- http://pc##ter.com/img4.php?b=############
- http://ke####anhnghiep.net/img5.php?m=############
- http://se###dir.net/img3.php?x=############
- http://da###ngroup.com/img1.php?t=############
- http://sn##ns.org/img4.php?e=############
- http://po##eva.com/img4.php?y=############
- http://lz###ent.com/img4.php?h=############
- http://ki###ude.com/word/img1.php?w=############
- http://av###esurs.net/img4.php?n=############
- http://ar####rading.com/img3.php?m=############
- http://ri##jel.com/img4.php?w=############
- http://re#####dauction.info/wp-content/img3.php?a=############
- http://ph###bic.com/img1.php?l=############
- http://bu###ova.com/robustb/img3.php?l=############
- http://te###rtone.com/img4.php?a=############
- http://ho##ar.info/img2.php?v=############
- http://ba###ttech.com/renew/img2.php?r=############
- http://cy###s-host.com/img5.php?g=############
- http://po##eva.com/img4.php?k=############
- http://et####etport.com/img3.php?k=############
- http://ju#####transparente.org/stoppagea/img2.php?w=############
- http://ja###gia.net/img5.php?y=############
- http://fr###ie.net.ua/img1.php?s=############
- http://ra###ma87.com/img2.php?z=############
- http://co######forcaregivers.com/img1.php?g=############
- http://pr####ioncheck.com/img5.php?n=############
- http://sn##ns.org/img4.php?s=############
- http://ke####anhnghiep.net/img5.php?r=############
- http://pc##ter.com/img4.php?k=############
- http://da###ngroup.com/img1.php?v=############
- http://se###dir.net/img3.php?e=############
- http://ou######emediaexpert.com/img3.php?j=############
- http://to###earn.com/img2.php?t=############
- http://fl####rguides.com/web-content/img1.php?e=############
- http://le##m.com/img1.php?x=############
- http://ma###nprew.com/slider/img5.php?r=############
- http://it####xation.com/img2.php?w=############
- http://ci####ineral.com/img/img2.php?g=############
- http://hg###ting.net/img1.php?n=############
- http://1t##buy.com/img2.php?d=############
- http://hi##ix.net/img3.php?y=############
- http://ch###log.net/img5.php?h=############
- http://an##hin.org/misc/img5.php?a=############
- http://fl##yak.org/img4.php?p=############
- http://gh####owered.net/img3.php?n=############
- DNS ASK hi##ix.net
- DNS ASK ci####ineral.com
- DNS ASK fl##yak.org
- DNS ASK ch###log.net
- DNS ASK gh####owered.net
- DNS ASK pr####ioncheck.com
- DNS ASK ph###bic.com
- DNS ASK hg###ting.net
- DNS ASK it####xation.com
- DNS ASK 1t##buy.com
- DNS ASK an##hin.org
- DNS ASK fl####rguides.com
- DNS ASK se###dir.net
- DNS ASK le##m.com
- DNS ASK to###earn.com
- DNS ASK ou######emediaexpert.com
- DNS ASK pc##ter.com
- DNS ASK ma###nprew.com
- DNS ASK da###ngroup.com
- DNS ASK ke####anhnghiep.net
- DNS ASK sn##ns.org
- DNS ASK cy###s-host.com
- DNS ASK ba###ttech.com
- DNS ASK ju#####transparente.org
- DNS ASK co######forcaregivers.com
- DNS ASK ra###ma87.com
- DNS ASK my####rnalip.com
- DNS ASK ip##ddr.es
- DNS ASK cu###yip.com
- DNS ASK et####etport.com
- DNS ASK po##eva.com
- DNS ASK ja###gia.net
- DNS ASK ri##jel.com
- DNS ASK ki###ude.com
- DNS ASK bu###ova.com
- DNS ASK re#####dauction.info
- DNS ASK te###rtone.com
- DNS ASK ho##ar.info
- DNS ASK fr###ie.net.ua
- DNS ASK av###esurs.net
- DNS ASK lz###ent.com
- DNS ASK ar####rading.com
- ClassName: 'Indicator' WindowName: ''