Technical Information
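- [<HKLM>\System\CurrentControlSet\Services\Cache UserMode Tunneling Transfer DCOM] 'Start' = '00000002' (a Start value of 2 makes the service start automatically at boot)
- [<HKLM>\System\CurrentControlSet\Services\Cache UserMode Tunneling Transfer DCOM] 'ImagePath' = 'C:\pvckvohwevr\pmhusszvyg.exe' (the service binary sits in a directory at the root of C:, not in a system or Program Files location)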
- %WINDIR%\pvckvohwevr\vzvjoelmdgd
- C:\pvckvohwevr\vzvjoelmdgd
- C:\pvckvohwevr\ippezohamnwxdh9lsb.exe
- C:\pvckvohwevr\pmhusszvyg.exe
- C:\pvckvohwevr\sfiaygh.exe
- C:\pvckvohwevr\s0pczreilrp
- C:\pvckvohwevr\pmhusszvyg.exe
- C:\pvckvohwevr\sfiaygh.exe
- %WINDIR%\pvckvohwevr\vzvjoelmdgd
- C:\pvckvohwevr\ippezohamnwxdh9lsb.exe
- %WINDIR%\pvckvohwevr\vzvjoelmdgd
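- '67.##.64.252':27314 (in this and the following addresses the '#' characters appear to be digits masked in the published report, so the entries cannot be matched as exact indicators; each is followed by the remote port)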
- '18#.#45.182.189':37331
- '94.##1.114.138':44254
- '79.##5.10.236':21201
- '19#.#45.26.50':31421
- '83.##0.248.151':23268
- '86.##5.219.12':21375
- 'C:\pvckvohwevr\ippezohamnwxdh9lsb.exe'
- 'C:\pvckvohwevr\pmhusszvyg.exe'
- 'C:\pvckvohwevr\sfiaygh.exe' "c:\pvckvohwevr\pmhusszvyg.exe" (the quoted second path appears to be the command-line argument passed to sfiaygh.exe)