Technical Information (automated sandbox report: registry persistence, created files, and network indicators. Host names and the final IP are partially masked with '#' characters, so the entries below identify a pattern, not exact blocklist values.)
- [<HKLM>\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] 'Logon Studio Secondary Collector' = '<SYSTEM32>\kdnikunnmqt.exe'
- [<HKLM>\SYSTEM\ControlSet001\Services\Web Secondary Information Health File] 'ImagePath' = '<SYSTEM32>\kdnikunnmqt.exe'
- [<HKLM>\SYSTEM\ControlSet001\Services\Web Secondary Information Health File] 'Start' = '00000002' (SERVICE_AUTO_START: the service launches at boot. Together with the Run key above, the same binary <SYSTEM32>\kdnikunnmqt.exe has two independent persistence paths; remediation must remove both.)
- Windows Security Center
- '<SYSTEM32>\xxeqlnb.exe' "<SYSTEM32>\kdnikunnmqt.exe"
- '%WINDIR%\Temp\zjttpv2wcysirh.exe' -r 31018 tcp
- '%TEMP%\zjttpv2ng7sirhxqsis76b.exe'
- '<SYSTEM32>\kdnikunnmqt.exe'
- <SYSTEM32>\dbsgynppis\run
- <SYSTEM32>\dbsgynppis\rng
- %WINDIR%\Temp\zjttpv2wcysirh.exe
- <SYSTEM32>\dbsgynppis\cfg
- <SYSTEM32>\xxeqlnb.exe
- %TEMP%\zjttpv2ng7sirhxqsis76b.exe
- <SYSTEM32>\dbsgynppis\tst
- <SYSTEM32>\kdnikunnmqt.exe
- <SYSTEM32>\dbsgynppis\etc
- <SYSTEM32>\xxeqlnb.exe
- <SYSTEM32>\kdnikunnmqt.exe
- %WINDIR%\Temp\zjttpv2wcysirh.exe
- <DRIVERS>\etc\hosts (the system hosts file is touched; a modified hosts file can silently redirect or block name resolution, so inspect and restore it during cleanup)
- %TEMP%\zjttpv2ng7sirhxqsis76b.exe
- (The hosts below follow a common naming pattern: a short prefix joined to an English word such as green/lift/hand/sound under .net, all contacted over TCP port 80 with a GET to /index.php. The masking prevents exact matching; use the pattern and the observed traffic shape for detection rather than the literal strings.)
- 'eq###green.net':80
- 'gr###green.net':80
- 'gr###lift.net':80
- 'ta###hand.net':80
- 'eq###lift.net':80
- 'gr###hand.net':80
- 'sp###lift.net':80
- 'eq###hand.net':80
- 'eq###sound.net':80
- 'gr###sound.net':80
- 'gl###and.net':80
- 'sa###and.net':80
- 'gl###ift.net':80
- 'sp###and.net':80
- 'sp###ound.net':80
- 'sa###ound.net':80
- 'gl###ound.net':80
- 'ta###sound.net':80
- 'ta###green.net':80
- 'ta###lift.net':80
- 'gl###reen.net':80
- 'fa###and.net':80
- 'dr###lift.net':80
- 'wa###hand.net':80
- 'wa###sound.net':80
- 'fa###ound.net':80
- 'dr###sound.net':80
- 'th###ound.net':80
- 'th###reen.net':80
- 'th###ift.net':80
- 'dr###green.net':80
- 'fa###reen.net':80
- 'sp###sound.net':80
- 'vi###sound.net':80
- 'vi###green.net':80
- 'vi###lift.net':80
- 'sp###green.net':80
- 'fa###ift.net':80
- 'wa###green.net':80
- 'wa###lift.net':80
- 'sp###hand.net':80
- 'vi###hand.net':80
- 'sa###reen.net':80
- 'fa###here.net':80
- 'dr###road.net':80
- 'wa###where.net':80
- 'al###being.net':80
- 'ri###nstorm.net':80
- 'dr###wore.net':80
- 'th###ore.net':80
- 'th###ail.net':80
- 'th###oad.net':80
- 'dr###mail.net':80
- 'ca####nbring.net':80
- 'cr#####onaraminta.net':80
- 'le###form.net':80
- 'jo####ymeasure.net':80
- 'ef###tbuilt.net':80
- 'th###while.net':80
- 'mo###olor.net':80
- 'pr####tbottom.net':80
- 'ab###ell.net':80
- 'mo###ugust.net':80
- 'mi###hown.net':80
- 'up###ound.net':80
- 'wh###sound.net':80
- 'wh###green.net':80
- 'wh###lift.net':80
- 'up###reen.net':80
- 'sa###ift.net':80
- 'sp###reen.net':80
- 'sp###ift.net':80
- 'up###and.net':80
- 'wh###hand.net':80
- 'up###ift.net':80
- 'so###lift.net':80
- 'ar###green.net':80
- 'ar###lift.net':80
- 'dr###where.net':80
- 'th###here.net':80
- 'ar###hand.net':80
- 'so###hand.net':80
- 'so###sound.net':80
- 'so###green.net':80
- 'ar###sound.net':80
- http://eq###green.net/index.php
- http://gr###green.net/index.php
- http://gr###lift.net/index.php
- http://ta###hand.net/index.php
- http://eq###lift.net/index.php
- http://gr###hand.net/index.php
- http://sp###lift.net/index.php
- http://eq###hand.net/index.php
- http://eq###sound.net/index.php
- http://gr###sound.net/index.php
- http://gl###and.net/index.php
- http://sa###and.net/index.php
- http://gl###ift.net/index.php
- http://sp###and.net/index.php
- http://sp###ound.net/index.php
- http://sa###ound.net/index.php
- http://gl###ound.net/index.php
- http://ta###sound.net/index.php
- http://ta###green.net/index.php
- http://ta###lift.net/index.php
- http://gl###reen.net/index.php
- http://fa###and.net/index.php
- http://dr###lift.net/index.php
- http://wa###hand.net/index.php
- http://wa###sound.net/index.php
- http://fa###ound.net/index.php
- http://dr###sound.net/index.php
- http://th###ound.net/index.php
- http://th###reen.net/index.php
- http://th###ift.net/index.php
- http://dr###green.net/index.php
- http://fa###reen.net/index.php
- http://sp###sound.net/index.php
- http://vi###sound.net/index.php
- http://vi###green.net/index.php
- http://vi###lift.net/index.php
- http://sp###green.net/index.php
- http://fa###ift.net/index.php
- http://wa###green.net/index.php
- http://wa###lift.net/index.php
- http://sp###hand.net/index.php
- http://vi###hand.net/index.php
- http://sa###reen.net/index.php
- http://fa###here.net/index.php
- http://dr###road.net/index.php
- http://wa###where.net/index.php
- http://al###being.net/index.php
- http://ri###nstorm.net/index.php
- http://dr###wore.net/index.php
- http://th###ore.net/index.php
- http://th###ail.net/index.php
- http://th###oad.net/index.php
- http://dr###mail.net/index.php
- http://ca####nbring.net/index.php
- http://cr#####onaraminta.net/index.php
- http://le###form.net/index.php
- http://jo####ymeasure.net/index.php
- http://ef###tbuilt.net/index.php
- http://th###while.net/index.php
- http://mo###olor.net/index.php
- http://pr####tbottom.net/index.php
- http://ab###ell.net/index.php
- http://mo###ugust.net/index.php
- http://mi###hown.net/index.php
- http://up###ound.net/index.php
- http://wh###sound.net/index.php
- http://wh###green.net/index.php
- http://wh###lift.net/index.php
- http://up###reen.net/index.php
- http://sa###ift.net/index.php
- http://sp###reen.net/index.php
- http://sp###ift.net/index.php
- http://up###and.net/index.php
- http://wh###hand.net/index.php
- http://up###ift.net/index.php
- http://so###lift.net/index.php
- http://ar###green.net/index.php
- http://ar###lift.net/index.php
- http://dr###where.net/index.php
- http://th###here.net/index.php
- http://ar###hand.net/index.php
- http://so###hand.net/index.php
- http://so###sound.net/index.php
- http://so###green.net/index.php
- http://ar###sound.net/index.php
- DNS ASK gr###lift.net
- DNS ASK eq###green.net
- DNS ASK eq###lift.net
- DNS ASK gl###and.net
- DNS ASK ta###hand.net
- DNS ASK eq###hand.net
- DNS ASK gr###hand.net
- DNS ASK gr###sound.net
- DNS ASK gr###green.net
- DNS ASK eq###sound.net
- DNS ASK ta###sound.net
- DNS ASK sp###and.net
- DNS ASK sa###and.net
- DNS ASK sa###ound.net
- DNS ASK sa###reen.net
- DNS ASK sp###ound.net
- DNS ASK ta###green.net
- DNS ASK gl###ound.net
- DNS ASK gl###reen.net
- DNS ASK gl###ift.net
- DNS ASK ta###lift.net
- DNS ASK sp###lift.net
- DNS ASK fa###and.net
- DNS ASK dr###lift.net
- DNS ASK wa###hand.net
- DNS ASK wa###sound.net
- DNS ASK fa###ound.net
- DNS ASK dr###sound.net
- DNS ASK th###ound.net
- DNS ASK th###reen.net
- DNS ASK th###ift.net
- DNS ASK dr###green.net
- DNS ASK fa###reen.net
- DNS ASK sp###sound.net
- DNS ASK vi###sound.net
- DNS ASK vi###green.net
- DNS ASK vi###lift.net
- DNS ASK sp###green.net
- DNS ASK fa###ift.net
- DNS ASK wa###green.net
- DNS ASK wa###lift.net
- DNS ASK sp###hand.net
- DNS ASK vi###hand.net
- DNS ASK fa###here.net
- DNS ASK dr###road.net
- DNS ASK wa###where.net
- DNS ASK al###being.net
- DNS ASK ri###nstorm.net
- DNS ASK dr###wore.net
- DNS ASK th###ore.net
- DNS ASK th###ail.net
- DNS ASK th###oad.net
- DNS ASK dr###mail.net
- DNS ASK ca####nbring.net
- DNS ASK cr#####onaraminta.net
- DNS ASK le###form.net
- DNS ASK jo####ymeasure.net
- DNS ASK ef###tbuilt.net
- DNS ASK th###while.net
- DNS ASK mo###olor.net
- DNS ASK pr####tbottom.net
- DNS ASK ab###ell.net
- DNS ASK mo###ugust.net
- DNS ASK mi###hown.net
- DNS ASK up###ound.net
- DNS ASK wh###sound.net
- DNS ASK wh###green.net
- DNS ASK wh###lift.net
- DNS ASK up###reen.net
- DNS ASK sa###ift.net
- DNS ASK sp###reen.net
- DNS ASK sp###ift.net
- DNS ASK up###and.net
- DNS ASK wh###hand.net
- DNS ASK up###ift.net
- DNS ASK so###lift.net
- DNS ASK ar###green.net
- DNS ASK ar###lift.net
- DNS ASK dr###where.net
- DNS ASK th###here.net
- DNS ASK ar###hand.net
- DNS ASK so###hand.net
- DNS ASK so###sound.net
- DNS ASK so###green.net
- DNS ASK ar###sound.net
- '23#.#55.255.250':1900 (port 1900 is the SSDP/UPnP discovery port and the masked address is consistent with the SSDP multicast group; this is likely local network discovery rather than command-and-control traffic, but confirm from the capture before dismissing it)