Technical Information
- [<HKLM>\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] 'Connections Now Counter Audio' = '<SYSTEM32>\bsnxcjejam.exe' (machine-wide Run-key autostart entry: the listed executable is launched at each user logon)
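- [<HKLM>\SYSTEM\ControlSet001\Services\Brightness Firewall Link Parental Browser CNG] 'ImagePath' = '<SYSTEM32>\bsnxcjejam.exe' (service entry pointing at the same executable as the Run value)
- [<HKLM>\SYSTEM\ControlSet001\Services\Brightness Firewall Link Parental Browser CNG] 'Start' = '00000002' (start type 2 = automatic: the service is started at system boot)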
- Windows Security Center
- '%WINDIR%\Temp\ycu2rsfs39gqc78uk.exe' -r 39829 tcp
- '%WINDIR%\Temp\ycu2rsfs4ozrc78uk.exe' -r 23655 tcp
- '<SYSTEM32>\qvptxyrb.exe' "<SYSTEM32>\bsnxcjejam.exe"
- '%TEMP%\ycu2rsfs320xc78uknzo0ceyc.exe'
- '<SYSTEM32>\bsnxcjejam.exe'
- <SYSTEM32>\xyxwwktxlyfct\run
- <SYSTEM32>\xyxwwktxlyfct\rng
- <SYSTEM32>\xyxwwktxlyfct\cfg
- %WINDIR%\Temp\ycu2rsfs4ozrc78uk.exe
- %WINDIR%\Temp\ycu2rsfs39gqc78uk.exe
- %TEMP%\ycu2rsfs320xc78uknzo0ceyc.exe
- <SYSTEM32>\xyxwwktxlyfct\tst
- <SYSTEM32>\xyxwwktxlyfct\etc
- <SYSTEM32>\qvptxyrb.exe
- <SYSTEM32>\bsnxcjejam.exe
- <SYSTEM32>\qvptxyrb.exe
- <SYSTEM32>\bsnxcjejam.exe
- %WINDIR%\Temp\ycu2rsfs39gqc78uk.exe
- %WINDIR%\Temp\ycu2rsfs4ozrc78uk.exe
- %TEMP%\ycu2rsfs320xc78uknzo0ceyc.exe
- <DRIVERS>\etc\hosts
- 'eq###aunt.net':80
- 'gr###aunt.net':80
- 'eq###scene.net':80
- 'ta###dont.net':80
- 'gl###reat.net':80
- 'ta###great.net':80
- 'gl###ont.net':80
- 'gr###scene.net':80
- 'sp###aunt.net':80
- 'vi###aunt.net':80
- 'sp###scene.net':80
- 'gr###dont.net':80
- 'eq###great.net':80
- 'gr###great.net':80
- 'eq###dont.net':80
- 'sa###unt.net':80
- 'sp###cene.net':80
- 'sa###cene.net':80
- 'de###lxc.com':80
- 'ri###nstorm.net':80
- 'af###sllc.com':80
- 'be##lxc.com':80
- 'sp###reat.net':80
- 'ta###aunt.net':80
- 'gl###cene.net':80
- 'ta###scene.net':80
- 'gl###unt.net':80
- 'sa###reat.net':80
- 'sp###ont.net':80
- 'sa###ont.net':80
- http://eq###aunt.net/index.php
- http://gr###aunt.net/index.php
- http://eq###scene.net/index.php
- http://ta###dont.net/index.php
- http://gl###reat.net/index.php
- http://ta###great.net/index.php
- http://gl###ont.net/index.php
- http://gr###scene.net/index.php
- http://sp###aunt.net/index.php
- http://vi###aunt.net/index.php
- http://sp###scene.net/index.php
- http://gr###dont.net/index.php
- http://eq###great.net/index.php
- http://gr###great.net/index.php
- http://eq###dont.net/index.php
- http://sa###unt.net/index.php
- http://sp###cene.net/index.php
- http://sa###cene.net/index.php
- http://de###lxc.com/index.php
- http://ri###nstorm.net/index.php
- http://af###sllc.com/index.php
- http://be##lxc.com/index.php
- http://sp###reat.net/index.php
- http://ta###aunt.net/index.php
- http://gl###cene.net/index.php
- http://ta###scene.net/index.php
- http://gl###unt.net/index.php
- http://sa###reat.net/index.php
- http://sp###ont.net/index.php
- http://sa###ont.net/index.php
- DNS ASK gr###aunt.net
- DNS ASK eq###aunt.net
- DNS ASK gr###scene.net
- DNS ASK eq###scene.net
- DNS ASK ta###great.net
- DNS ASK gl###reat.net
- DNS ASK ta###dont.net
- DNS ASK gl###ont.net
- DNS ASK vi###aunt.net
- DNS ASK sp###aunt.net
- DNS ASK vi###scene.net
- DNS ASK sp###scene.net
- DNS ASK gr###great.net
- DNS ASK eq###great.net
- DNS ASK gr###dont.net
- DNS ASK eq###dont.net
- DNS ASK sa###unt.net
- DNS ASK sp###cene.net
- DNS ASK sa###cene.net
- DNS ASK de###lxc.com
- DNS ASK ri###nstorm.net
- DNS ASK af###sllc.com
- DNS ASK be##lxc.com
- DNS ASK sp###reat.net
- DNS ASK ta###aunt.net
- DNS ASK gl###cene.net
- DNS ASK ta###scene.net
- DNS ASK gl###unt.net
- DNS ASK sa###reat.net
- DNS ASK sp###ont.net
- DNS ASK sa###ont.net
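- '23#.#55.255.250':1900 (port 1900 is the SSDP/UPnP discovery port; the masked address is consistent with the SSDP multicast group 239.255.255.250, though the masking prevents confirming this)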