Technical Information
- [HKLM\System\CurrentControlSet\Services\Configuration Log Protection] 'Start' = '00000002' (start type 2 = automatic: the service is launched at every system boot)
- [HKLM\System\CurrentControlSet\Services\Configuration Log Protection] 'ImagePath' = 'C:\irsykvgnztnmifr\uhkgamaiiot.exe'
- Service 'Configuration Log Protection', executable C:\irsykvgnztnmifr\uhkgamaiiot.exe
- %WINDIR%\irsykvgnztnmifr\hi6kgzxcibxj
- C:\irsykvgnztnmifr\hi6kgzxcibxj
- C:\irsykvgnztnmifr\yhtu3ibkkiouifaagrd.exe
- C:\irsykvgnztnmifr\uhkgamaiiot.exe
- C:\irsykvgnztnmifr\bmivdsyydxo.exe
- C:\irsykvgnztnmifr\uhkgamaiiot.exe
- C:\irsykvgnztnmifr\bmivdsyydxo.exe
- %WINDIR%\irsykvgnztnmifr\hi6kgzxcibxj
- C:\irsykvgnztnmifr\yhtu3ibkkiouifaagrd.exe
- %WINDIR%\irsykvgnztnmifr\hi6kgzxcibxj
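- 'be####battle.net':80 ('#' characters mask part of each host name in this and the following entries, so the names as printed cannot be used for exact-match lookups)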
- 'br###mayor.net':80
- 'qu###heart.net':80
- 'pr####tvalue.net':80
- 'ch####rderly.net':80
- 'co####evalue.net':80
- 'tw####reason.net':80
- 'hi####yvalue.net':80
- http://be####battle.net/index.php
- http://br###mayor.net/index.php
- http://qu###heart.net/index.php
- http://pr####tvalue.net/index.php
- http://ch####rderly.net/index.php
- http://co####evalue.net/index.php
- http://tw####reason.net/index.php
- http://hi####yvalue.net/index.php
- DNS ASK ga###rheart.net
- DNS ASK ra####reason.net
- DNS ASK mo####galmost.net
- DNS ASK ra####almost.net
- DNS ASK tw###evalue.net
- DNS ASK mi###evalue.net
- DNS ASK tw####orderly.net
- DNS ASK mi####orderly.net
- DNS ASK mo####greason.net
- DNS ASK tw####reason.net
- DNS ASK tw####almost.net
- DNS ASK mi####almost.net
- DNS ASK al###value.net
- DNS ASK of###value.net
- DNS ASK al####rderly.net
- DNS ASK of####rderly.net
- DNS ASK al###reason.net
- DNS ASK mi####reason.net
- DNS ASK ra####orderly.net
- DNS ASK mo####gorderly.net
- DNS ASK ra###rvalue.net
- DNS ASK we####rvalue.net
- DNS ASK am###tvalue.net
- DNS ASK we####rorderly.net
- DNS ASK am####orderly.net
- DNS ASK we####rreason.net
- DNS ASK am####reason.net
- DNS ASK we####ralmost.net
- DNS ASK am####almost.net
- DNS ASK hi####yvalue.net
- DNS ASK st####evalue.net
- DNS ASK hi####yorderly.net
- DNS ASK st####eorderly.net
- DNS ASK hi####yreason.net
- DNS ASK st####ereason.net
- DNS ASK hi####yalmost.net
- DNS ASK st####ealmost.net
- DNS ASK mo####gvalue.net
- DNS ASK of###reason.net
- DNS ASK cl###almost.net
- DNS ASK al###almost.net
- DNS ASK co####evalue.net
- DNS ASK se###nheart.net
- DNS ASK qu###heart.net
- DNS ASK br###battle.net
- DNS ASK fl###battle.net
- DNS ASK br###mayor.net
- DNS ASK fl###mayor.net
- DNS ASK br####erfect.net
- DNS ASK qu####erfect.net
- DNS ASK fl####erfect.net
- DNS ASK fl###heart.net
- DNS ASK ga####battle.net
- DNS ASK be####battle.net
- DNS ASK ga###rmayor.net
- DNS ASK be###rmayor.net
- DNS ASK ga####perfect.net
- DNS ASK be####perfect.net
- DNS ASK br###heart.net
- DNS ASK se####perfect.net
- DNS ASK qu###mayor.net
- DNS ASK se###nmayor.net
- DNS ASK ch###value.net
- DNS ASK co####eorderly.net
- DNS ASK ch####rderly.net
- DNS ASK co####ereason.net
- DNS ASK ch###reason.net
- DNS ASK co####ealmost.net
- DNS ASK ch###almost.net
- DNS ASK pr####tvalue.net
- DNS ASK th###value.net
- DNS ASK pr####torderly.net
- DNS ASK th####rderly.net
- DNS ASK pr####treason.net
- DNS ASK th###reason.net
- DNS ASK pr####talmost.net
- DNS ASK th###almost.net
- DNS ASK se####battle.net
- DNS ASK qu###battle.net
- DNS ASK of###almost.net
- DNS ASK cl###reason.net
- 'C:\irsykvgnztnmifr\yhtu3ibkkiouifaagrd.exe'
- 'C:\irsykvgnztnmifr\uhkgamaiiot.exe'
- 'C:\irsykvgnztnmifr\bmivdsyydxo.exe' "c:\irsykvgnztnmifr\uhkgamaiiot.exe"