Technical Information
- [<HKLM>\SYSTEM\CurrentControlSet\Services\C5f511kKH8BrTqB] 'ImagePath' = '%HOMEPATH%\Pictures\4e6wHa3y873J07.sys'
- [<HKLM>\System\CurrentControlSet\Services\{45487F67-EC9F-4449-A6F2-2D0970F9B80B}] 'Start' = '00000000'
- [<HKLM>\System\CurrentControlSet\Services\{45487F67-EC9F-4449-A6F2-2D0970F9B80B}] 'ImagePath' = 'system32\drivers\lg0iWo6ltOrQ.sys'
- [<HKLM>\SYSTEM\CurrentControlSet\Services\0ag0H4O] 'ImagePath' = '%HOMEPATH%\Pictures\4e6wHa3y873J07.sys'
- [<HKLM>\SYSTEM\CurrentControlSet\Services\7Mnhcjbcbo1U] 'ImagePath' = '%HOMEPATH%\Pictures\4e6wHa3y873J07.sys'
- 'C5f511kKH8BrTqB' %HOMEPATH%\Pictures\4e6wHa3y873J07.sys
- %HOMEPATH%\pictures\4e6wha3y873j07.sys
- <SYSTEM32>\config\000000
- <SYSTEM32>\config\000000.log1