Technical Information
- [HKLM\System\CurrentControlSet\Services\yhublskzx] 'Start' = '00000002'
- [HKLM\System\CurrentControlSet\Services\yhublskzx] 'ImagePath' = '<SYSTEM32>\networks.exe yhublskzx'
- 'yhublskzx' <SYSTEM32>\networks.exe yhublskzx
- <SYSTEM32>\networks.exe
- from <Full path to file> to <SYSTEM32>\wostmp\_1823828267_741334686
- '1.###.248.27':27930
- '18#.#8.212.176':27930
- '12#.#60.154.252':27930
- '11#.#10.212.150':27930
- '10#.#16.52.20':27930
- '10.#0.20.67':27930
- '10.#0.0.73':27930
- '10.#0.0.61':27930
- '<LOCALNET>.67.6':27930
- '10.#8.1.55':27930
- '10#.#1.194.192':16800
- '<LOCALNET>.67.5':27930
- '<LOCALNET>.67.4':27930
- '<LOCALNET>.67.3':27930
- '<LOCALNET>.67.2':27930
- '14.#92.2.37':27930
- '<LOCALNET>.67.1':27930
- '<LOCALNET>.67.0':27930
- '18#.#1.63.214':27930
- '22#.#1.122.230':27930
- '<SYSTEM32>\networks.exe' yhublskzx