Technical Information

Sandbox behaviour summary for the sample. The sections below list, in order: a `HKLM\...\CurrentVersion\Run` autorun value and an `HKLM\SYSTEM\...\Services` entry with `Start = 2` (automatic start), both persistence mechanisms carrying plausible-sounding but non-standard names and pointing into the directory `C:\glgewuj\`; the processes launched and files created there; the hosts contacted on TCP port 80 and the `/index.php` URLs requested over plain HTTP; the DNS queries observed; and the window class the sample looks up. Note that the domain names are partially masked with `#` characters, so they cannot be used verbatim as network indicators — the file paths, the registry value and service names, and the `C:\glgewuj\` directory are the usable host artefacts. Not every queried domain also appears in the connection list (for example `fo####nflower.net` is seen only among the DNS queries), and the large set of similarly constructed two-word `.net` domains is consistent with algorithmically generated names, although the report itself does not establish that.
- [<HKLM>\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] 'Detection Extensible User-mode Collector' = 'C:\glgewuj\znoxvjcqzss.exe'
- [<HKLM>\SYSTEM\ControlSet001\Services\Modules Software HomeGroup Certificate Drive] 'Start' = '00000002'
- 'C:\glgewuj\xcthuir.exe' "c:\glgewuj\znoxvjcqzss.exe"
- 'C:\glgewuj\znoxvjcqzss.exe'
- 'C:\glgewuj\xdhn2rumfox2iq92mis3.exe'
- C:\glgewuj\znoxvjcqzss.exe
- C:\glgewuj\xcthuir.exe
- C:\glgewuj\xdhn2rumfox2iq92mis3.exe
- %WINDIR%\glgewuj\gyepp1tdsi
- C:\glgewuj\gyepp1tdsi
- C:\glgewuj\xcthuir.exe
- C:\glgewuj\znoxvjcqzss.exe
- C:\glgewuj\xdhn2rumfox2iq92mis3.exe
- %WINDIR%\glgewuj\gyepp1tdsi
- 'fa####forever.net':80
- 'ch####enbottom.net':80
- 'ch####enforever.net':80
- 'ch####enbeing.net':80
- 'fa###ybeing.net':80
- 'ei###rbeing.net':80
- 'en####hbeing.net':80
- 'en####hbeyond.net':80
- 'fa####bottom.net':80
- 'ei####beyond.net':80
- 'fa####beyond.net':80
- 'pi####ebeing.net':80
- 'ci####ttebeing.net':80
- 'ci####ttebeyond.net':80
- 'th####bottom.net':80
- 'pi####ebeyond.net':80
- 'ci####ttebottom.net':80
- 'ch####enbeyond.net':80
- 'pi####ebottom.net':80
- 'pi####eforever.net':80
- 'ci#####teforever.net':80
- 'pe####minute.net':80
- 'ma####eminute.net':80
- 'ma####eflower.net':80
- 'be####ecorner.net':80
- 'pe####flower.net':80
- 'ma####ecorner.net':80
- 'su####flower.net':80
- 'pe####corner.net':80
- 'pe####special.net':80
- 'ma####especial.net':80
- 'ex####corner.net':80
- 'en####hbottom.net':80
- 'ex####flower.net':80
- 'ei####bottom.net':80
- 'ei####forever.net':80
- 'en####hforever.net':80
- 'ex####special.net':80
- 'be####especial.net':80
- 'be####eminute.net':80
- 'be####eflower.net':80
- 'ex####minute.net':80
- 'ma####ebeing.net':80
- 'pe####forever.net':80
- 'pe###nbeing.net':80
- 'pe####beyond.net':80
- 'ma####ebeyond.net':80
- 'su####beyond.net':80
- 'fo####nbeyond.net':80
- 'ma####ebottom.net':80
- 'ma####eforever.net':80
- 'pe####bottom.net':80
- 'be####ebottom.net':80
- 'ex####beyond.net':80
- 'be####ebeyond.net':80
- 'st###close.net':80
- 'st###yellow.net':80
- 'st####thclose.net':80
- 'be####eforever.net':80
- 'ex####bottom.net':80
- 'ex####forever.net':80
- 'ex###tbeing.net':80
- 'be####ebeing.net':80
- 'fi####beyond.net':80
- 'th####beyond.net':80
- 'ri###bottom.net':80
- 'ri####orever.net':80
- 'wh####rbottom.net':80
- 'th####forever.net':80
- 'fi####bottom.net':80
- 'fi####forever.net':80
- 'fi###ebeing.net':80
- 'th###hbeing.net':80
- 'wh####rforever.net':80
- 'fo####nforever.net':80
- 'su####bottom.net':80
- 'su####forever.net':80
- 'su###nbeing.net':80
- 'fo####nbeing.net':80
- 'wh####rbeing.net':80
- 'ri###being.net':80
- 'ri###beyond.net':80
- 'fo####nbottom.net':80
- 'wh####rbeyond.net':80
- http://fa####forever.net/index.php
- http://ch####enbottom.net/index.php
- http://ch####enforever.net/index.php
- http://ch####enbeing.net/index.php
- http://fa###ybeing.net/index.php
- http://ei###rbeing.net/index.php
- http://en####hbeing.net/index.php
- http://en####hbeyond.net/index.php
- http://fa####bottom.net/index.php
- http://ei####beyond.net/index.php
- http://fa####beyond.net/index.php
- http://pi####ebeing.net/index.php
- http://ci####ttebeing.net/index.php
- http://ci####ttebeyond.net/index.php
- http://th####bottom.net/index.php
- http://pi####ebeyond.net/index.php
- http://ci####ttebottom.net/index.php
- http://ch####enbeyond.net/index.php
- http://pi####ebottom.net/index.php
- http://pi####eforever.net/index.php
- http://ci#####teforever.net/index.php
- http://pe####minute.net/index.php
- http://ma####eminute.net/index.php
- http://ma####eflower.net/index.php
- http://be####ecorner.net/index.php
- http://pe####flower.net/index.php
- http://ma####ecorner.net/index.php
- http://su####flower.net/index.php
- http://pe####corner.net/index.php
- http://pe####special.net/index.php
- http://ma####especial.net/index.php
- http://ex####corner.net/index.php
- http://en####hbottom.net/index.php
- http://ex####flower.net/index.php
- http://ei####bottom.net/index.php
- http://ei####forever.net/index.php
- http://en####hforever.net/index.php
- http://ex####special.net/index.php
- http://be####especial.net/index.php
- http://be####eminute.net/index.php
- http://be####eflower.net/index.php
- http://ex####minute.net/index.php
- http://ma####ebeing.net/index.php
- http://pe####forever.net/index.php
- http://pe###nbeing.net/index.php
- http://pe####beyond.net/index.php
- http://ma####ebeyond.net/index.php
- http://su####beyond.net/index.php
- http://fo####nbeyond.net/index.php
- http://ma####ebottom.net/index.php
- http://ma####eforever.net/index.php
- http://pe####bottom.net/index.php
- http://be####ebottom.net/index.php
- http://ex####beyond.net/index.php
- http://be####ebeyond.net/index.php
- http://st###close.net/index.php
- http://st###yellow.net/index.php
- http://st####thclose.net/index.php
- http://be####eforever.net/index.php
- http://ex####bottom.net/index.php
- http://ex####forever.net/index.php
- http://ex###tbeing.net/index.php
- http://be####ebeing.net/index.php
- http://fi####beyond.net/index.php
- http://th####beyond.net/index.php
- http://ri###bottom.net/index.php
- http://ri####orever.net/index.php
- http://wh####rbottom.net/index.php
- http://th####forever.net/index.php
- http://fi####bottom.net/index.php
- http://fi####forever.net/index.php
- http://fi###ebeing.net/index.php
- http://th###hbeing.net/index.php
- http://wh####rforever.net/index.php
- http://fo####nforever.net/index.php
- http://su####bottom.net/index.php
- http://su####forever.net/index.php
- http://su###nbeing.net/index.php
- http://fo####nbeing.net/index.php
- http://wh####rbeing.net/index.php
- http://ri###being.net/index.php
- http://ri###beyond.net/index.php
- http://fo####nbottom.net/index.php
- http://wh####rbeyond.net/index.php
- DNS ASK ch####enbottom.net
- DNS ASK fa####bottom.net
- DNS ASK fa####forever.net
- DNS ASK fa###ybeing.net
- DNS ASK ch####enforever.net
- DNS ASK en####hbeing.net
- DNS ASK ei####forever.net
- DNS ASK ei###rbeing.net
- DNS ASK ei####beyond.net
- DNS ASK en####hbeyond.net
- DNS ASK ch####enbeing.net
- DNS ASK ci####ttebeing.net
- DNS ASK pi####eforever.net
- DNS ASK pi####ebeing.net
- DNS ASK pi####ebeyond.net
- DNS ASK ci####ttebeyond.net
- DNS ASK ch####enbeyond.net
- DNS ASK fa####beyond.net
- DNS ASK ci####ttebottom.net
- DNS ASK ci#####teforever.net
- DNS ASK pi####ebottom.net
- DNS ASK ma####eminute.net
- DNS ASK pe####special.net
- DNS ASK pe####minute.net
- DNS ASK pe####flower.net
- DNS ASK ma####eflower.net
- DNS ASK su####flower.net
- DNS ASK fo####nflower.net
- DNS ASK ma####ecorner.net
- DNS ASK ma####especial.net
- DNS ASK pe####corner.net
- DNS ASK be####ecorner.net
- DNS ASK ex####flower.net
- DNS ASK be####eflower.net
- DNS ASK en####hbottom.net
- DNS ASK en####hforever.net
- DNS ASK ei####bottom.net
- DNS ASK be####especial.net
- DNS ASK ex####corner.net
- DNS ASK ex####special.net
- DNS ASK ex####minute.net
- DNS ASK be####eminute.net
- DNS ASK th####bottom.net
- DNS ASK ma####ebeing.net
- DNS ASK pe####forever.net
- DNS ASK pe###nbeing.net
- DNS ASK pe####beyond.net
- DNS ASK ma####ebeyond.net
- DNS ASK su####beyond.net
- DNS ASK fo####nbeyond.net
- DNS ASK ma####ebottom.net
- DNS ASK ma####eforever.net
- DNS ASK pe####bottom.net
- DNS ASK be####ebottom.net
- DNS ASK ex####beyond.net
- DNS ASK be####ebeyond.net
- DNS ASK st###close.net
- DNS ASK st###yellow.net
- DNS ASK st####thclose.net
- DNS ASK be####eforever.net
- DNS ASK ex####bottom.net
- DNS ASK ex####forever.net
- DNS ASK ex###tbeing.net
- DNS ASK be####ebeing.net
- DNS ASK fi####beyond.net
- DNS ASK th####beyond.net
- DNS ASK ri###bottom.net
- DNS ASK ri####orever.net
- DNS ASK wh####rbottom.net
- DNS ASK th####forever.net
- DNS ASK fi####bottom.net
- DNS ASK fi####forever.net
- DNS ASK fi###ebeing.net
- DNS ASK th###hbeing.net
- DNS ASK wh####rforever.net
- DNS ASK fo####nforever.net
- DNS ASK su####bottom.net
- DNS ASK su####forever.net
- DNS ASK su###nbeing.net
- DNS ASK fo####nbeing.net
- DNS ASK wh####rbeing.net
- DNS ASK ri###being.net
- DNS ASK ri###beyond.net
- DNS ASK fo####nbottom.net
- DNS ASK wh####rbeyond.net
- ClassName: 'Shell_TrayWnd' WindowName: ''