Technical Information
- [<HKLM>\System\CurrentControlSet\Services\Telephony Topology Debugger] 'Start' = '00000002'
- [<HKLM>\System\CurrentControlSet\Services\Telephony Topology Debugger] 'ImagePath' = 'C:\vxv064aon\xjwgterjek.exe'
- %WINDIR%\vxv064aon\mizhi5gkgtea
- C:\vxv064aon\mizhi5gkgtea
- C:\vxv064aon\nzlpznbnmw0vp5htpclz7kixk.exe
- C:\vxv064aon\xjwgterjek.exe
- C:\vxv064aon\xt2k1ddk.exe
- C:\vxv064aon\tfzucquibnr
- 'C:\vxv064aon\nzlpznbnmw0vp5htpclz7kixk.exe'
- 'C:\vxv064aon\xjwgterjek.exe'
- 'C:\vxv064aon\xt2k1ddk.exe' "c:\vxv064aon\xjwgterjek.exe"