Technical Information
- [<HKLM>\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] 'Themes Reporting RPC Transaction' = 'C:\qshlxrqsqikmgpl\kefvoxfkvwhu.exe'
- [<HKLM>\SYSTEM\ControlSet001\Services\Drive RPC Level WMI Office] 'ImagePath' = 'C:\qshlxrqsqikmgpl\kefvoxfkvwhu.exe'
- [<HKLM>\SYSTEM\ControlSet001\Services\Drive RPC Level WMI Office] 'Start' = '00000002'
- 'C:\qshlxrqsqikmgpl\enysclf.exe' "c:\qshlxrqsqikmgpl\kefvoxfkvwhu.exe"
- 'C:\qshlxrqsqikmgpl\kefvoxfkvwhu.exe'
- 'C:\qshlxrqsqikmgpl\cvget3emhvnlvmvmzj0g.exe'
- C:\qshlxrqsqikmgpl\kefvoxfkvwhu.exe
- C:\qshlxrqsqikmgpl\enysclf.exe
- C:\qshlxrqsqikmgpl\cvget3emhvnlvmvmzj0g.exe
- %WINDIR%\qshlxrqsqikmgpl\kalrepd
- C:\qshlxrqsqikmgpl\kalrepd
- C:\qshlxrqsqikmgpl\enysclf.exe
- C:\qshlxrqsqikmgpl\kefvoxfkvwhu.exe
- C:\qshlxrqsqikmgpl\cvget3emhvnlvmvmzj0g.exe
- %WINDIR%\qshlxrqsqikmgpl\kalrepd
- 'fo####special.net':80
- 'me####minute.net':80
- 'fo####corner.net':80
- 'me####special.net':80
- 'fo####flower.net':80
- 'al####ycorner.net':80
- 'fo####minute.net':80
- 'me####flower.net':80
- 'be####pecial.net':80
- 'kn###minute.net':80
- 'be###corner.net':80
- 'kn####pecial.net':80
- 'be###flower.net':80
- 'me####corner.net':80
- 'be###minute.net':80
- 'kn###flower.net':80
- 'ge####mancorner.net':80
- 'ex#####nceminute.net':80
- 'fr###minute.net':80
- 'ex#####ncespecial.net':80
- 'fr####pecial.net':80
- 'fi###bottom.net':80
- 'pa###bottom.net':80
- 'ex#####nceflower.net':80
- 'fr###flower.net':80
- 'al####yminute.net':80
- 'ge####manminute.net':80
- 'al####yspecial.net':80
- 'ge#####anspecial.net':80
- 'ex#####ncecorner.net':80
- 'fr###corner.net':80
- 'al####yflower.net':80
- 'ge####manflower.net':80
- http://fo####special.net/index.php
- http://me####minute.net/index.php
- http://fo####corner.net/index.php
- http://me####special.net/index.php
- http://fo####flower.net/index.php
- http://al####ycorner.net/index.php
- http://fo####minute.net/index.php
- http://me####flower.net/index.php
- http://be####pecial.net/index.php
- http://kn###minute.net/index.php
- http://be###corner.net/index.php
- http://kn####pecial.net/index.php
- http://be###flower.net/index.php
- http://me####corner.net/index.php
- http://be###minute.net/index.php
- http://kn###flower.net/index.php
- http://ge####mancorner.net/index.php
- http://ex#####nceminute.net/index.php
- http://fr###minute.net/index.php
- http://ex#####ncespecial.net/index.php
- http://fr####pecial.net/index.php
- http://fi###bottom.net/index.php
- http://pa###bottom.net/index.php
- http://ex#####nceflower.net/index.php
- http://fr###flower.net/index.php
- http://al####yminute.net/index.php
- http://ge####manminute.net/index.php
- http://al####yspecial.net/index.php
- http://ge#####anspecial.net/index.php
- http://ex#####ncecorner.net/index.php
- http://fr###corner.net/index.php
- http://al####yflower.net/index.php
- http://ge####manflower.net/index.php
- DNS ASK fo####special.net
- DNS ASK me####minute.net
- DNS ASK fo####corner.net
- DNS ASK me####special.net
- DNS ASK fo####flower.net
- DNS ASK al####ycorner.net
- DNS ASK fo####minute.net
- DNS ASK me####flower.net
- DNS ASK me####corner.net
- DNS ASK kn####pecial.net
- DNS ASK be####pecial.net
- DNS ASK kn###corner.net
- DNS ASK be###corner.net
- DNS ASK kn###flower.net
- DNS ASK be###flower.net
- DNS ASK kn###minute.net
- DNS ASK be###minute.net
- DNS ASK ex#####nceminute.net
- DNS ASK fr###minute.net
- DNS ASK ex#####ncespecial.net
- DNS ASK fr####pecial.net
- DNS ASK fi###bottom.net
- DNS ASK pa###bottom.net
- DNS ASK ex#####nceflower.net
- DNS ASK fr###flower.net
- DNS ASK fr###corner.net
- DNS ASK ge#####anspecial.net
- DNS ASK al####yminute.net
- DNS ASK ge####mancorner.net
- DNS ASK al####yspecial.net
- DNS ASK ge####manflower.net
- DNS ASK ex#####ncecorner.net
- DNS ASK ge####manminute.net
- DNS ASK al####yflower.net
- ClassName: 'Shell_TrayWnd' WindowName: ''