Technical Information
- [<HKLM>\System\CurrentControlSet\Services\HomeGroupListenerSys] 'Start' = '00000002'
- [<HKLM>\System\CurrentControlSet\Services\HomeGroupListenerSys] 'ImagePath' = '<SYSTEM32>\com\svchost.exe'
- 'HomeGroupListenerSys' <SYSTEM32>\com\svchost.exe
- %WINDIR%\syswow64\svchost.exe
- %ALLUSERSPROFILE%\mozilla\vl8qvlekz1dfcgupvw.bin
- %WINDIR%\syswow64\com\svchost.exe
- '31.##1.17.128':443
- 'ad####ureseller.com':80
- http://ad####ureseller.com/RGMSSRVhO6a5IAc-RU46vs6KNYh5hP79ML8BmwuKIVNvAgLh598K40dArG79jdJ.qALKdLb2xaEIh9g8J3rgs6KaFkxoecStpbpL8C1RT/lz9YK9HPCPRKLB3VCXrELEc7fGHWrub.shtml
- http://ad####ureseller.com/l/xYzwNWXCkA81B33j4vhhqjz3s7Is0enI9Ta2Jsh2.cgi?OO##############################
- DNS ASK ad####ureseller.com
- '%WINDIR%\syswow64\svchost.exe' -k netsvcs