Technical Information
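Persistence: autorun value under the machine-wide Run key (the executable is started at every user logon):
- [<HKLM>\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] 'Health Copy Process KtmRm Redirector Browser' = 'C:\hognwdkkgncimtm\lmtwjehunbd.exe'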
Persistence: Windows service pointing at the same executable ('Start' = 2 is automatic start at boot):
- [<HKLM>\SYSTEM\ControlSet001\Services\Link-Layer Ordering Networking Alerts] 'Start' = '00000002'
- [<HKLM>\SYSTEM\ControlSet001\Services\Link-Layer Ordering Networking Alerts] 'ImagePath' = 'C:\hognwdkkgncimtm\lmtwjehunbd.exe'
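File system paths (entries repeat; this listing does not say which operation, such as create, modify or delete, each entry refers to):
- %WINDIR%\hognwdkkgncimtm\hazpld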
- C:\hognwdkkgncimtm\hazpld
- C:\hognwdkkgncimtm\zz2pjphylxtmxs.exe
- C:\hognwdkkgncimtm\lmtwjehunbd.exe
- C:\hognwdkkgncimtm\lzqohyupedfy.exe
- C:\hognwdkkgncimtm\lmtwjehunbd.exe
- C:\hognwdkkgncimtm\lzqohyupedfy.exe
- %WINDIR%\hognwdkkgncimtm\hazpld
- C:\hognwdkkgncimtm\zz2pjphylxtmxs.exe
- %WINDIR%\hognwdkkgncimtm\hazpld
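Network activity: TCP connections to port 80. Part of each domain name is masked with '#', so these entries cannot be used verbatim in a blocklist or DNS sinkhole. The visible endings come from a small set of English words (become, shoulder, above, until, finger, company, cover, further), which is consistent with algorithmically generated names; detection is better keyed on one host issuing many such lookups than on individual names.
- 'an####become.net':80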
- 'gl####houlder.net':80
- 'an####shoulder.net':80
- 'gl###above.net':80
- 'an###rabove.net':80
- 'gl###until.net':80
- 'an###runtil.net':80
- 'fo####dfinger.net':80
- 'de####finger.net':80
- 'fo####dshoulder.net':80
- 'de####shoulder.net':80
- 'fo####dabove.net':80
- 'de###eabove.net':80
- 'fo####duntil.net':80
- 'de###euntil.net':80
- 're####company.net':80
- 'va####scompany.net':80
- 're####become.net':80
- 're###ncover.net':80
- 'va####sbecome.net':80
- 'an####finger.net':80
- 'gl###finger.net':80
- 're####euntil.net':80
- 'or###until.net':80
- 'ne####aryfinger.net':80
- 'pl####ntfinger.net':80
- 'ne#####ryshoulder.net':80
- 'pl#####tshoulder.net':80
- 'ne####aryabove.net':80
- 'pl####ntabove.net':80
- 'pl####ntuntil.net':80
- 'le###rcover.net':80
- 'he###finger.net':80
- 'di####ultfinger.net':80
- 'he####houlder.net':80
- 'di#####ltshoulder.net':80
- 'he###above.net':80
- 'di####ultabove.net':80
- 'he###until.net':80
- 'di####ultuntil.net':80
- 'va####scover.net':80
- 're####further.net':80
- 'va####sfurther.net':80
- 'pl####ntbecome.net':80
- 'ne####arycover.net':80
- 'pl####ntcover.net':80
- 'ne#####ryfurther.net':80
- 'pl####ntfurther.net':80
- 'he####ompany.net':80
- 'di#####ltcompany.net':80
- 'he###become.net':80
- 'di####ultbecome.net':80
- 'he###cover.net':80
- 'di####ultcover.net':80
- 'he####urther.net':80
- 'di#####ltfurther.net':80
- 'gl####ompany.net':80
- 'an####company.net':80
- 'gl###become.net':80
- 'pl####ntcompany.net':80
- 'ne#####rycompany.net':80
- 'ne####arybecome.net':80
- 'or####urther.net':80
- 'ge####company.net':80
- 're####efurther.net':80
- 'ge####become.net':80
- 'ge###ecover.net':80
- 'ge####further.net':80
- 'he####company.net':80
- 'le####company.net':80
- 'he####become.net':80
- 'le####become.net':80
- 'ne####aryuntil.net':80
- 'or###above.net':80
- 'he####further.net':80
- 'le####further.net':80
- 're####ecompany.net':80
- 'or####ompany.net':80
- 're####ebecome.net':80
- 'or###become.net':80
- 're####ecover.net':80
- 'or###cover.net':80
- 'he###ncover.net':80
- 're####eabove.net':80
HTTP requests, all to /index.php over unencrypted HTTP (the request method is not shown):
- http://an####become.net/index.php
- http://gl####houlder.net/index.php
- http://an####shoulder.net/index.php
- http://gl###above.net/index.php
- http://an###rabove.net/index.php
- http://gl###until.net/index.php
- http://an###runtil.net/index.php
- http://fo####dfinger.net/index.php
- http://de####finger.net/index.php
- http://fo####dshoulder.net/index.php
- http://de####shoulder.net/index.php
- http://fo####dabove.net/index.php
- http://de###eabove.net/index.php
- http://fo####duntil.net/index.php
- http://de###euntil.net/index.php
- http://re####company.net/index.php
- http://va####scompany.net/index.php
- http://re####become.net/index.php
- http://re###ncover.net/index.php
- http://va####sbecome.net/index.php
- http://an####finger.net/index.php
- http://gl###finger.net/index.php
- http://re####euntil.net/index.php
- http://or###until.net/index.php
- http://ne####aryfinger.net/index.php
- http://pl####ntfinger.net/index.php
- http://ne#####ryshoulder.net/index.php
- http://pl#####tshoulder.net/index.php
- http://ne####aryabove.net/index.php
- http://pl####ntabove.net/index.php
- http://pl####ntuntil.net/index.php
- http://le###rcover.net/index.php
- http://he###finger.net/index.php
- http://di####ultfinger.net/index.php
- http://he####houlder.net/index.php
- http://di#####ltshoulder.net/index.php
- http://he###above.net/index.php
- http://di####ultabove.net/index.php
- http://he###until.net/index.php
- http://di####ultuntil.net/index.php
- http://va####scover.net/index.php
- http://re####further.net/index.php
- http://va####sfurther.net/index.php
- http://pl####ntbecome.net/index.php
- http://ne####arycover.net/index.php
- http://pl####ntcover.net/index.php
- http://ne#####ryfurther.net/index.php
- http://pl####ntfurther.net/index.php
- http://he####ompany.net/index.php
- http://di#####ltcompany.net/index.php
- http://he###become.net/index.php
- http://di####ultbecome.net/index.php
- http://he###cover.net/index.php
- http://di####ultcover.net/index.php
- http://he####urther.net/index.php
- http://di#####ltfurther.net/index.php
- http://gl####ompany.net/index.php
- http://an####company.net/index.php
- http://gl###become.net/index.php
- http://pl####ntcompany.net/index.php
- http://ne#####rycompany.net/index.php
- http://ne####arybecome.net/index.php
- http://or####urther.net/index.php
- http://ge####company.net/index.php
- http://re####efurther.net/index.php
- http://ge####become.net/index.php
- http://ge###ecover.net/index.php
- http://ge####further.net/index.php
- http://he####company.net/index.php
- http://le####company.net/index.php
- http://he####become.net/index.php
- http://le####become.net/index.php
- http://ne####aryuntil.net/index.php
- http://or###above.net/index.php
- http://he####further.net/index.php
- http://le####further.net/index.php
- http://re####ecompany.net/index.php
- http://or####ompany.net/index.php
- http://re####ebecome.net/index.php
- http://or###become.net/index.php
- http://re####ecover.net/index.php
- http://or###cover.net/index.php
- http://he###ncover.net/index.php
- http://re####eabove.net/index.php
DNS queries (domain names partially masked with '#'):
- DNS ASK an####become.net
- DNS ASK an####shoulder.net
- DNS ASK gl###above.net
- DNS ASK an###rabove.net
- DNS ASK gl###until.net
- DNS ASK an###runtil.net
- DNS ASK fo####dfinger.net
- DNS ASK de####finger.net
- DNS ASK fo####dshoulder.net
- DNS ASK de####shoulder.net
- DNS ASK fo####dabove.net
- DNS ASK de###eabove.net
- DNS ASK fo####duntil.net
- DNS ASK de###euntil.net
- DNS ASK re####company.net
- DNS ASK va####scompany.net
- DNS ASK re####become.net
- DNS ASK va####sbecome.net
- DNS ASK gl####houlder.net
- DNS ASK an####finger.net
- DNS ASK gl###finger.net
- DNS ASK di####ultuntil.net
- DNS ASK or###above.net
- DNS ASK re####euntil.net
- DNS ASK or###until.net
- DNS ASK ne####aryfinger.net
- DNS ASK pl####ntfinger.net
- DNS ASK ne#####ryshoulder.net
- DNS ASK pl#####tshoulder.net
- DNS ASK ne####aryabove.net
- DNS ASK ne####aryuntil.net
- DNS ASK pl####ntabove.net
- DNS ASK pl####ntuntil.net
- DNS ASK he###finger.net
- DNS ASK di####ultfinger.net
- DNS ASK he####houlder.net
- DNS ASK di#####ltshoulder.net
- DNS ASK he###above.net
- DNS ASK di####ultabove.net
- DNS ASK he###until.net
- DNS ASK re####eabove.net
- DNS ASK re###ncover.net
- DNS ASK va####scover.net
- DNS ASK re####further.net
- DNS ASK ne####arybecome.net
- DNS ASK pl####ntbecome.net
- DNS ASK ne####arycover.net
- DNS ASK pl####ntcover.net
- DNS ASK ne#####ryfurther.net
- DNS ASK pl####ntfurther.net
- DNS ASK he####ompany.net
- DNS ASK di#####ltcompany.net
- DNS ASK he###become.net
- DNS ASK di####ultbecome.net
- DNS ASK he###cover.net
- DNS ASK di####ultcover.net
- DNS ASK he####urther.net
- DNS ASK di#####ltfurther.net
- DNS ASK gl####ompany.net
- DNS ASK an####company.net
- DNS ASK gl###become.net
- DNS ASK pl####ntcompany.net
- DNS ASK ne#####rycompany.net
- DNS ASK or####urther.net
- DNS ASK re####efurther.net
- DNS ASK ge####company.net
- DNS ASK ge####become.net
- DNS ASK ge###ecover.net
- DNS ASK ge####further.net
- DNS ASK he####company.net
- DNS ASK le####company.net
- DNS ASK he####become.net
- DNS ASK le####become.net
- DNS ASK le###rcover.net
- DNS ASK he###ncover.net
- DNS ASK he####further.net
- DNS ASK le####further.net
- DNS ASK re####ecompany.net
- DNS ASK or####ompany.net
- DNS ASK re####ebecome.net
- DNS ASK or###become.net
- DNS ASK re####ecover.net
- DNS ASK or###cover.net
- DNS ASK va####sfurther.net
- DNS ASK or####houlder.net
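Processes started (in the last entry, lzqohyupedfy.exe is launched with the path of lmtwjehunbd.exe as its command-line argument):
- 'C:\hognwdkkgncimtm\zz2pjphylxtmxs.exe'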
- 'C:\hognwdkkgncimtm\lmtwjehunbd.exe'
- 'C:\hognwdkkgncimtm\lzqohyupedfy.exe' "c:\hognwdkkgncimtm\lmtwjehunbd.exe"