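Technical Information
Note: this copy lacks the report's sub-headings, so the list does not say what was done to each item (for example whether a file was created, hidden or deleted); paths that appear more than once were presumably listed under different headings. The '#' characters in host names and in the IP address appear to be masking applied to the published values, so these entries support pattern matching but not exact-match blocking.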
- [<HKLM>\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] 'Portable Level Trap Task Store Interactive' = '<SYSTEM32>\ajbkpchxm.exe' (a machine-wide Run value: the executable is launched at every user logon)
- [<HKLM>\SYSTEM\ControlSet001\Services\Detection Source Protocol Firewall Tablet] 'Start' = '00000002' (Start value 2 = the service starts automatically at boot)
- Windows Security Center
- '%WINDIR%\Temp\xcahnbv2sr6dr.exe' -r 28682 tcp
- '%WINDIR%\Temp\xcahnbv47l1dr.exe' -r 33794 tcp
- '<SYSTEM32>\prifzkzgspo.exe' "<SYSTEM32>\ajbkpchxm.exe"
- '%TEMP%\xcahnbv2l8cdrwxafyheo.exe'
- '<SYSTEM32>\ajbkpchxm.exe'
- <SYSTEM32>\ckoljdclqdurnj\run
- <SYSTEM32>\ckoljdclqdurnj\rng
- <SYSTEM32>\ckoljdclqdurnj\cfg
- %WINDIR%\Temp\xcahnbv47l1dr.exe
- %WINDIR%\Temp\xcahnbv2sr6dr.exe
- %TEMP%\xcahnbv2l8cdrwxafyheo.exe
- <SYSTEM32>\ckoljdclqdurnj\tst
- <SYSTEM32>\ckoljdclqdurnj\etc
- <SYSTEM32>\prifzkzgspo.exe
- <SYSTEM32>\ajbkpchxm.exe
- <SYSTEM32>\prifzkzgspo.exe
- <SYSTEM32>\ajbkpchxm.exe
- %WINDIR%\Temp\xcahnbv2sr6dr.exe
- %WINDIR%\Temp\xcahnbv47l1dr.exe
- %TEMP%\xcahnbv2l8cdrwxafyheo.exe
- <DRIVERS>\etc\hosts
- 'dr###eight.net':80
- 'wi###ight.net':80
- 'dr###they.net':80
- 'wi###ive.net':80
- 'dr###voice.net':80
- 'wi###oice.net':80
- 'dr###five.net':80
- 'wi###hey.net':80
- 'kn###reat.net':80
- 'ab###reat.net':80
- 'kn###ont.net':80
- 'ab###cene.net':80
- 'kn###unt.net':80
- 'ab###unt.net':80
- 'kn###cene.net':80
- 'fe###ive.net':80
- 'lo###ive.net':80
- 'fe###ight.net':80
- 'de###lxc.com':80
- 'ri###nstorm.net':80
- 'af###sllc.com':80
- 'be##lxc.com':80
- 'lo###ight.net':80
- 'th###five.net':80
- 'th###eight.net':80
- 'th###they.net':80
- 'lo###oice.net':80
- 'fe###hey.net':80
- 'lo###hey.net':80
- 'th###voice.net':80
- http://dr###eight.net/index.php
- http://wi###ight.net/index.php
- http://dr###they.net/index.php
- http://wi###ive.net/index.php
- http://dr###voice.net/index.php
- http://wi###oice.net/index.php
- http://dr###five.net/index.php
- http://wi###hey.net/index.php
- http://kn###reat.net/index.php
- http://ab###reat.net/index.php
- http://kn###ont.net/index.php
- http://ab###cene.net/index.php
- http://kn###unt.net/index.php
- http://ab###unt.net/index.php
- http://kn###cene.net/index.php
- http://fe###ive.net/index.php
- http://lo###ive.net/index.php
- http://fe###ight.net/index.php
- http://de###lxc.com/index.php
- http://ri###nstorm.net/index.php
- http://af###sllc.com/index.php
- http://be##lxc.com/index.php
- http://lo###ight.net/index.php
- http://th###five.net/index.php
- http://th###eight.net/index.php
- http://th###they.net/index.php
- http://lo###oice.net/index.php
- http://fe###hey.net/index.php
- http://lo###hey.net/index.php
- http://th###voice.net/index.php
- DNS ASK wi###ight.net
- DNS ASK dr###eight.net
- DNS ASK wi###hey.net
- DNS ASK dr###they.net
- DNS ASK wi###oice.net
- DNS ASK dr###voice.net
- DNS ASK wi###ive.net
- DNS ASK dr###five.net
- DNS ASK ab###reat.net
- DNS ASK kn###reat.net
- DNS ASK ab###ont.net
- DNS ASK kn###ont.net
- DNS ASK ab###unt.net
- DNS ASK kn###unt.net
- DNS ASK ab###cene.net
- DNS ASK kn###cene.net
- DNS ASK fe###ive.net
- DNS ASK lo###ive.net
- DNS ASK fe###ight.net
- DNS ASK de###lxc.com
- DNS ASK ri###nstorm.net
- DNS ASK af###sllc.com
- DNS ASK be##lxc.com
- DNS ASK lo###ight.net
- DNS ASK th###five.net
- DNS ASK th###eight.net
- DNS ASK th###they.net
- DNS ASK lo###oice.net
- DNS ASK fe###hey.net
- DNS ASK lo###hey.net
- DNS ASK th###voice.net
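- '23#.#55.255.250':1900 (masked; the visible octets and port 1900 match the SSDP/UPnP multicast address 239.255.255.250, which is routine local discovery traffic, so treat this entry as a weak indicator on its own)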