Technical Information
Autorun (Run key value under HKLM; the executable is started at each user logon):
- [<HKLM>\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] 'Controls Tunneling Class UserMode CNG Link-Layer' = 'C:\drmhleagr\uttznuhielyc.exe'
Service registration (same executable as the Run entry; 'Start' = 2 is automatic start at boot):
- [<HKLM>\SYSTEM\ControlSet001\Services\Solutions Background Storage Log] 'ImagePath' = 'C:\drmhleagr\uttznuhielyc.exe'
- [<HKLM>\SYSTEM\ControlSet001\Services\Solutions Background Storage Log] 'Start' = '00000002'
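Processes started (apparently: image path in single quotes, then the argument passed to it where one was recorded):
- 'C:\drmhleagr\lrvukhzi.exe' "c:\drmhleagr\uttznuhielyc.exe"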
- 'C:\drmhleagr\uttznuhielyc.exe'
- 'C:\drmhleagr\kii2v4oxtnzogdu.exe'
Files touched (the same paths recur below; the operation each occurrence records is not labelled):
- C:\drmhleagr\uttznuhielyc.exe
- C:\drmhleagr\lrvukhzi.exe
- C:\drmhleagr\kii2v4oxtnzogdu.exe
- %WINDIR%\drmhleagr\oicqkfo9csys
- C:\drmhleagr\oicqkfo9csys
- C:\drmhleagr\lrvukhzi.exe
- C:\drmhleagr\uttznuhielyc.exe
- C:\drmhleagr\kii2v4oxtnzogdu.exe
- %WINDIR%\drmhleagr\oicqkfo9csys
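Network connections, TCP port 80 ('#' marks characters masked in the published host names, so these entries cannot be matched literally; the word-pair naming pattern is consistent with algorithmically generated domains):
- 'be####eduring.net':80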
- 'pe####length.net':80
- 'be####eindeed.net':80
- 'ex####during.net':80
- 'ma####elength.net':80
- 'pe####indeed.net':80
- 'ma####eindeed.net':80
- 'pe####notice.net':80
- 'ma####enotice.net':80
- 'ex####indeed.net':80
- 'st####theearly.net':80
- 'st####thpublic.net':80
- 'de###edress.net':80
- 'st####thcatch.net':80
- 'st####thdress.net':80
- 'ex####notice.net':80
- 'be####enotice.net':80
- 'ex####length.net':80
- 'be####elength.net':80
- 'pe####during.net':80
- 'ri###notice.net':80
- 'wh####rindeed.net':80
- 'ri###length.net':80
- 'wh####rnotice.net':80
- 'ri###indeed.net':80
- 'fi####length.net':80
- 'th####length.net':80
- 'wh####rduring.net':80
- 'ri###during.net':80
- 'wh####rlength.net':80
- 'fo####nlength.net':80
- 'su####notice.net':80
- 'ma####eduring.net':80
- 'su####length.net':80
- 'fo####nnotice.net':80
- 'su####during.net':80
- 'fo####nduring.net':80
- 'su####indeed.net':80
- 'fo####nindeed.net':80
- 'pr####edress.net':80
- 'pr###ycatch.net':80
- 'do####eearly.net':80
- 'mi###dress.net':80
- 'do###rcatch.net':80
- 'pr####eearly.net':80
- 'do###rdress.net':80
- 'pr###ydress.net':80
- 'do####public.net':80
- 'pr####public.net':80
- 'st###dress.net':80
- 'ev####gdress.net':80
- 'st###catch.net':80
- 'ev####gpublic.net':80
- 'bu####ngdress.net':80
- 'mi###catch.net':80
- 'st###public.net':80
- 'mi###public.net':80
- 'st###eearly.net':80
- 'mi###eearly.net':80
- 'fe###wcatch.net':80
- 're###tdress.net':80
- 'pr####ecatch.net':80
- 're####public.net':80
- 'br###ndress.net':80
- 'de###ecatch.net':80
- 'pr####epublic.net':80
- 'de####public.net':80
- 'pr####eeearly.net':80
- 'de####eearly.net':80
- 'br####public.net':80
- 'fe####public.net':80
- 'fe###wdress.net':80
- 'do###ecatch.net':80
- 'fe####eearly.net':80
- 'do###edress.net':80
- 'br####eearly.net':80
- 're####eearly.net':80
- 'br###ncatch.net':80
- 're###tcatch.net':80
HTTP requests (every listed host is asked for /index.php):
- http://be####eduring.net/index.php
- http://pe####length.net/index.php
- http://be####eindeed.net/index.php
- http://ex####during.net/index.php
- http://ma####elength.net/index.php
- http://pe####indeed.net/index.php
- http://ma####eindeed.net/index.php
- http://pe####notice.net/index.php
- http://ma####enotice.net/index.php
- http://ex####indeed.net/index.php
- http://st####theearly.net/index.php
- http://st####thpublic.net/index.php
- http://de###edress.net/index.php
- http://st####thcatch.net/index.php
- http://st####thdress.net/index.php
- http://ex####notice.net/index.php
- http://be####enotice.net/index.php
- http://ex####length.net/index.php
- http://be####elength.net/index.php
- http://pe####during.net/index.php
- http://ri###notice.net/index.php
- http://wh####rindeed.net/index.php
- http://ri###length.net/index.php
- http://wh####rnotice.net/index.php
- http://ri###indeed.net/index.php
- http://fi####length.net/index.php
- http://th####length.net/index.php
- http://wh####rduring.net/index.php
- http://ri###during.net/index.php
- http://wh####rlength.net/index.php
- http://fo####nlength.net/index.php
- http://su####notice.net/index.php
- http://ma####eduring.net/index.php
- http://su####length.net/index.php
- http://fo####nnotice.net/index.php
- http://su####during.net/index.php
- http://fo####nduring.net/index.php
- http://su####indeed.net/index.php
- http://fo####nindeed.net/index.php
- http://pr####edress.net/index.php
- http://pr###ycatch.net/index.php
- http://do####eearly.net/index.php
- http://mi###dress.net/index.php
- http://do###rcatch.net/index.php
- http://pr####eearly.net/index.php
- http://do###rdress.net/index.php
- http://pr###ydress.net/index.php
- http://do####public.net/index.php
- http://pr####public.net/index.php
- http://st###dress.net/index.php
- http://ev####gdress.net/index.php
- http://st###catch.net/index.php
- http://ev####gpublic.net/index.php
- http://bu####ngdress.net/index.php
- http://mi###catch.net/index.php
- http://st###public.net/index.php
- http://mi###public.net/index.php
- http://st###eearly.net/index.php
- http://mi###eearly.net/index.php
- http://fe###wcatch.net/index.php
- http://re###tdress.net/index.php
- http://pr####ecatch.net/index.php
- http://re####public.net/index.php
- http://br###ndress.net/index.php
- http://de###ecatch.net/index.php
- http://pr####epublic.net/index.php
- http://de####public.net/index.php
- http://pr####eeearly.net/index.php
- http://de####eearly.net/index.php
- http://br####public.net/index.php
- http://fe####public.net/index.php
- http://fe###wdress.net/index.php
- http://do###ecatch.net/index.php
- http://fe####eearly.net/index.php
- http://do###edress.net/index.php
- http://br####eearly.net/index.php
- http://re####eearly.net/index.php
- http://br###ncatch.net/index.php
- http://re###tcatch.net/index.php
- DNS ASK pe####length.net
- DNS ASK ma####elength.net
- DNS ASK be####eduring.net
- DNS ASK be####eindeed.net
- DNS ASK ex####during.net
- DNS ASK ma####eindeed.net
- DNS ASK pe####during.net
- DNS ASK pe####indeed.net
- DNS ASK pe####notice.net
- DNS ASK ma####enotice.net
- DNS ASK st####thpublic.net
- DNS ASK st####thdress.net
- DNS ASK st####theearly.net
- DNS ASK de###edress.net
- DNS ASK st####thcatch.net
- DNS ASK be####enotice.net
- DNS ASK ex####indeed.net
- DNS ASK ex####notice.net
- DNS ASK ex####length.net
- DNS ASK be####elength.net
- DNS ASK wh####rindeed.net
- DNS ASK ri###indeed.net
- DNS ASK ri###notice.net
- DNS ASK ri###length.net
- DNS ASK wh####rnotice.net
- DNS ASK th####length.net
- DNS ASK fi####notice.net
- DNS ASK fi####length.net
- DNS ASK wh####rduring.net
- DNS ASK ri###during.net
- DNS ASK su####notice.net
- DNS ASK fo####nnotice.net
- DNS ASK fo####nlength.net
- DNS ASK ma####eduring.net
- DNS ASK su####length.net
- DNS ASK fo####nduring.net
- DNS ASK wh####rlength.net
- DNS ASK su####during.net
- DNS ASK su####indeed.net
- DNS ASK fo####nindeed.net
- DNS ASK do####eearly.net
- DNS ASK pr####eearly.net
- DNS ASK pr###ycatch.net
- DNS ASK mi###dress.net
- DNS ASK do###rcatch.net
- DNS ASK pr###ydress.net
- DNS ASK fe###wcatch.net
- DNS ASK do###rdress.net
- DNS ASK do####public.net
- DNS ASK pr####public.net
- DNS ASK st###catch.net
- DNS ASK mi###catch.net
- DNS ASK ev####gdress.net
- DNS ASK ev####gpublic.net
- DNS ASK bu####ngdress.net
- DNS ASK mi###public.net
- DNS ASK st###dress.net
- DNS ASK st###public.net
- DNS ASK st###eearly.net
- DNS ASK mi###eearly.net
- DNS ASK pr####ecatch.net
- DNS ASK de###ecatch.net
- DNS ASK re###tdress.net
- DNS ASK re####public.net
- DNS ASK br###ndress.net
- DNS ASK de####public.net
- DNS ASK pr####edress.net
- DNS ASK pr####epublic.net
- DNS ASK pr####eeearly.net
- DNS ASK de####eearly.net
- DNS ASK fe###wdress.net
- DNS ASK do###edress.net
- DNS ASK fe####public.net
- DNS ASK do###ecatch.net
- DNS ASK fe####eearly.net
- DNS ASK re####eearly.net
- DNS ASK br####public.net
- DNS ASK br####eearly.net
- DNS ASK br###ncatch.net
- DNS ASK re###tcatch.net
Window lookup by class name ('Shell_TrayWnd' is the Windows taskbar window class):
- ClassName: 'Shell_TrayWnd' WindowName: ''