Technical Information
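- Persistence, registry autorun value (HKLM Run entries start at logon for every user):
- [<HKLM>\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] 'Connections Themes Server Transfer' = '<SYSTEM32>\fjrzyzcopl.exe'
- Persistence, Windows service pointing at the same binary ('Start' = 2 is the automatic-start setting):
- [<HKLM>\SYSTEM\ControlSet001\Services\Plug Link-Layer Function Panel Framework Files] 'ImagePath' = '<SYSTEM32>\fjrzyzcopl.exe'
- [<HKLM>\SYSTEM\ControlSet001\Services\Plug Link-Layer Function Panel Framework Files] 'Start' = '00000002'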
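- Windows Security Center (listed without a verb; its heading appears to have been lost. Likely the system feature the sample interferes with, so check the Security Center state on a suspect host)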
- Processes started (command lines as recorded):
- '<SYSTEM32>\aryvgvgofjye.exe' "<SYSTEM32>\fjrzyzcopl.exe"
- '%WINDIR%\Temp\zrpyulu2olfwc3mj.exe' -r 49323 tcp
- '%TEMP%\zrpyulu2h0vwc3mjmd1nzct.exe'
- '<SYSTEM32>\fjrzyzcopl.exe'
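- File-system paths touched (the sub-headings that separated created, altered and deleted files are missing, presumably why some paths repeat below):
- <SYSTEM32>\xkaocjldakzh\run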
- <SYSTEM32>\xkaocjldakzh\rng
- %WINDIR%\Temp\zrpyulu2olfwc3mj.exe
- <SYSTEM32>\xkaocjldakzh\cfg
- <SYSTEM32>\aryvgvgofjye.exe
- %TEMP%\zrpyulu2h0vwc3mjmd1nzct.exe
- <SYSTEM32>\xkaocjldakzh\tst
- <SYSTEM32>\fjrzyzcopl.exe
- <SYSTEM32>\xkaocjldakzh\etc
- <SYSTEM32>\aryvgvgofjye.exe
- <SYSTEM32>\fjrzyzcopl.exe
- %WINDIR%\Temp\zrpyulu2olfwc3mj.exe
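- <DRIVERS>\etc\hosts (the Windows hosts file; the page does not show what was done to it, so compare it with a known-good copy when triaging a host)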
- %TEMP%\zrpyulu2h0vwc3mjmd1nzct.exe
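- Outbound connections on port 80 (host names are partially masked with '#', apparently by the publisher, so they cannot be used verbatim as blocklist entries):
- 'so###ont.net':80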
- 'wh###aunt.net':80
- 'sa###unt.net':80
- 'lo###reat.net':80
- 'so###reat.net':80
- 'lo###ont.net':80
- 'sa###reat.net':80
- 'wh###dont.net':80
- 'sa###ont.net':80
- 'wh###scene.net':80
- 'sa###cene.net':80
- 'wh###great.net':80
- 'de####erfive.net':80
- 'al###eight.net':80
- 'de####ereight.net':80
- 'al###voice.net':80
- 'de####ervoice.net':80
- 'al###five.net':80
- 'so###unt.net':80
- 'lo###cene.net':80
- 'so###cene.net':80
- 'al###they.net':80
- 'de####erthey.net':80
- 'lo###unt.net':80
- 'st###aunt.net':80
- 'mo###aunt.net':80
- 'ti###unt.net':80
- 'mo###scene.net':80
- 'li###reat.net':80
- 'en###dont.net':80
- 'li###ont.net':80
- 'mo###dont.net':80
- 'ti###ont.net':80
- 'sh###aunt.net':80
- 'ti###cene.net':80
- 'mo###great.net':80
- 'ti###reat.net':80
- 'st###great.net':80
- 'ba###reat.net':80
- 'st###dont.net':80
- 'ba###unt.net':80
- 'st###scene.net':80
- 'ba###cene.net':80
- 'en###scene.net':80
- 'li###cene.net':80
- 'en###great.net':80
- 'ba###ont.net':80
- 'en###aunt.net':80
- 'li###unt.net':80
- 'st###they.net':80
- 'ba###hey.net':80
- 'en###voice.net':80
- 'ri###nstorm.net':80
- 'st###eight.net':80
- 'ba###ight.net':80
- 'en###eight.net':80
- 'li###ight.net':80
- 'en###they.net':80
- 'li###oice.net':80
- 'en###five.net':80
- 'li###ive.net':80
- 'cr#####onaraminta.net':80
- 'le###form.net':80
- 'mo###ugust.net':80
- 'ef###tbuilt.net':80
- 'th###while.net':80
- 'jo####ymeasure.net':80
- 'pr####tbottom.net':80
- 'ca####nbring.net':80
- 'al###being.net':80
- 'mi###hown.net':80
- 'ab###ell.net':80
- 'mo###olor.net':80
- 'li###hey.net':80
- 'de###hey.net':80
- 'pu###oice.net':80
- 'fr###yvoice.net':80
- 'sh###eight.net':80
- 'de###ight.net':80
- 'sh###they.net':80
- 'fr###yeight.net':80
- 'pu###hey.net':80
- 'fr###ythey.net':80
- 'pu###ive.net':80
- 'fr###yfive.net':80
- 'pu###ight.net':80
- 'ti###ive.net':80
- 'mo###eight.net':80
- 'ti###ight.net':80
- 'mo###voice.net':80
- 'ti###oice.net':80
- 'mo###five.net':80
- 'de###oice.net':80
- 'sh###five.net':80
- 'de###ive.net':80
- 'mo###they.net':80
- 'ti###hey.net':80
- 'sh###voice.net':80
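- HTTP requests (every host is asked for the same path, /index.php; the request method is not shown):
- http://so###ont.net/index.php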
- http://wh###aunt.net/index.php
- http://sa###unt.net/index.php
- http://lo###reat.net/index.php
- http://so###reat.net/index.php
- http://lo###ont.net/index.php
- http://sa###reat.net/index.php
- http://wh###dont.net/index.php
- http://sa###ont.net/index.php
- http://wh###scene.net/index.php
- http://sa###cene.net/index.php
- http://wh###great.net/index.php
- http://de####erfive.net/index.php
- http://al###eight.net/index.php
- http://de####ereight.net/index.php
- http://al###voice.net/index.php
- http://de####ervoice.net/index.php
- http://al###five.net/index.php
- http://so###unt.net/index.php
- http://lo###cene.net/index.php
- http://so###cene.net/index.php
- http://al###they.net/index.php
- http://de####erthey.net/index.php
- http://lo###unt.net/index.php
- http://st###aunt.net/index.php
- http://mo###aunt.net/index.php
- http://ti###unt.net/index.php
- http://mo###scene.net/index.php
- http://li###reat.net/index.php
- http://en###dont.net/index.php
- http://li###ont.net/index.php
- http://mo###dont.net/index.php
- http://ti###ont.net/index.php
- http://sh###aunt.net/index.php
- http://ti###cene.net/index.php
- http://mo###great.net/index.php
- http://ti###reat.net/index.php
- http://st###great.net/index.php
- http://ba###reat.net/index.php
- http://st###dont.net/index.php
- http://ba###unt.net/index.php
- http://st###scene.net/index.php
- http://ba###cene.net/index.php
- http://en###scene.net/index.php
- http://li###cene.net/index.php
- http://en###great.net/index.php
- http://ba###ont.net/index.php
- http://en###aunt.net/index.php
- http://li###unt.net/index.php
- http://st###they.net/index.php
- http://ba###hey.net/index.php
- http://en###voice.net/index.php
- http://ri###nstorm.net/index.php
- http://st###eight.net/index.php
- http://ba###ight.net/index.php
- http://en###eight.net/index.php
- http://li###ight.net/index.php
- http://en###they.net/index.php
- http://li###oice.net/index.php
- http://en###five.net/index.php
- http://li###ive.net/index.php
- http://cr#####onaraminta.net/index.php
- http://le###form.net/index.php
- http://mo###ugust.net/index.php
- http://ef###tbuilt.net/index.php
- http://th###while.net/index.php
- http://jo####ymeasure.net/index.php
- http://pr####tbottom.net/index.php
- http://ca####nbring.net/index.php
- http://al###being.net/index.php
- http://mi###hown.net/index.php
- http://ab###ell.net/index.php
- http://mo###olor.net/index.php
- http://li###hey.net/index.php
- http://de###hey.net/index.php
- http://pu###oice.net/index.php
- http://fr###yvoice.net/index.php
- http://sh###eight.net/index.php
- http://de###ight.net/index.php
- http://sh###they.net/index.php
- http://fr###yeight.net/index.php
- http://pu###hey.net/index.php
- http://fr###ythey.net/index.php
- http://pu###ive.net/index.php
- http://fr###yfive.net/index.php
- http://pu###ight.net/index.php
- http://ti###ive.net/index.php
- http://mo###eight.net/index.php
- http://ti###ight.net/index.php
- http://mo###voice.net/index.php
- http://ti###oice.net/index.php
- http://mo###five.net/index.php
- http://de###oice.net/index.php
- http://sh###five.net/index.php
- http://de###ive.net/index.php
- http://mo###they.net/index.php
- http://ti###hey.net/index.php
- http://sh###voice.net/index.php
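- DNS queries issued by the sample. The burst of look-ups for similarly built .net names in one run is consistent with algorithmically generated domains (not stated on the page), so the look-up volume is a more durable detection signal than any single name:
- DNS ASK so###ont.net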
- DNS ASK wh###aunt.net
- DNS ASK sa###unt.net
- DNS ASK lo###reat.net
- DNS ASK so###reat.net
- DNS ASK lo###ont.net
- DNS ASK sa###reat.net
- DNS ASK wh###dont.net
- DNS ASK sa###ont.net
- DNS ASK wh###scene.net
- DNS ASK sa###cene.net
- DNS ASK wh###great.net
- DNS ASK de####erfive.net
- DNS ASK al###eight.net
- DNS ASK de####ereight.net
- DNS ASK al###voice.net
- DNS ASK de####ervoice.net
- DNS ASK al###five.net
- DNS ASK so###unt.net
- DNS ASK lo###cene.net
- DNS ASK so###cene.net
- DNS ASK al###they.net
- DNS ASK de####erthey.net
- DNS ASK lo###unt.net
- DNS ASK st###aunt.net
- DNS ASK mo###aunt.net
- DNS ASK ti###unt.net
- DNS ASK mo###scene.net
- DNS ASK li###reat.net
- DNS ASK en###dont.net
- DNS ASK li###ont.net
- DNS ASK mo###dont.net
- DNS ASK ti###ont.net
- DNS ASK sh###aunt.net
- DNS ASK ti###cene.net
- DNS ASK mo###great.net
- DNS ASK ti###reat.net
- DNS ASK st###great.net
- DNS ASK ba###reat.net
- DNS ASK st###dont.net
- DNS ASK ba###unt.net
- DNS ASK st###scene.net
- DNS ASK ba###cene.net
- DNS ASK en###scene.net
- DNS ASK li###cene.net
- DNS ASK en###great.net
- DNS ASK ba###ont.net
- DNS ASK en###aunt.net
- DNS ASK li###unt.net
- DNS ASK fr###ythey.net
- DNS ASK st###they.net
- DNS ASK ba###hey.net
- DNS ASK en###voice.net
- DNS ASK ri###nstorm.net
- DNS ASK st###eight.net
- DNS ASK ba###ight.net
- DNS ASK en###eight.net
- DNS ASK li###ight.net
- DNS ASK en###they.net
- DNS ASK li###oice.net
- DNS ASK en###five.net
- DNS ASK li###ive.net
- DNS ASK cr#####onaraminta.net
- DNS ASK le###form.net
- DNS ASK mo###ugust.net
- DNS ASK ef###tbuilt.net
- DNS ASK th###while.net
- DNS ASK jo####ymeasure.net
- DNS ASK pr####tbottom.net
- DNS ASK ca####nbring.net
- DNS ASK al###being.net
- DNS ASK mi###hown.net
- DNS ASK ab###ell.net
- DNS ASK mo###olor.net
- DNS ASK sh###they.net
- DNS ASK de###hey.net
- DNS ASK pu###oice.net
- DNS ASK de###ive.net
- DNS ASK sh###eight.net
- DNS ASK de###ight.net
- DNS ASK pu###ight.net
- DNS ASK fr###yeight.net
- DNS ASK pu###hey.net
- DNS ASK fr###yvoice.net
- DNS ASK pu###ive.net
- DNS ASK fr###yfive.net
- DNS ASK mo###five.net
- DNS ASK ti###ive.net
- DNS ASK mo###eight.net
- DNS ASK li###hey.net
- DNS ASK mo###voice.net
- DNS ASK ti###oice.net
- DNS ASK sh###voice.net
- DNS ASK de###oice.net
- DNS ASK sh###five.net
- DNS ASK ti###ight.net
- DNS ASK mo###they.net
- DNS ASK ti###hey.net
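- '23#.#55.255.250':1900 (masked address; the visible octets and port 1900 are consistent with the SSDP/UPnP multicast address 239.255.255.250, i.e. local device discovery rather than a remote server; not confirmed by the page)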