Technical Information
- [<HKLM>\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] 'Tablet Keying Center IKE User DHCP Superfetch' = '<SYSTEM32>\iizmpdfhwzov.exe'
- [<HKLM>\SYSTEM\ControlSet001\Services\Task Counter Search Copy Profile] 'Start' = '00000002'
- Windows Security Center
- '<SYSTEM32>\ewpltvdtq.exe' "<SYSTEM32>\iizmpdfhwzov.exe"
- '%WINDIR%\Temp\ns3xdh9qoiukyfcp.exe' -r 51449 tcp
- '%TEMP%\ns3xdhwtqk4jyfcprsbbyc.exe'
- '<SYSTEM32>\iizmpdfhwzov.exe'
- <SYSTEM32>\ksjaiijfrsfdi\run
- <SYSTEM32>\ksjaiijfrsfdi\rng
- %WINDIR%\Temp\ns3xdh9qoiukyfcp.exe
- <SYSTEM32>\ksjaiijfrsfdi\cfg
- <SYSTEM32>\ewpltvdtq.exe
- %TEMP%\ns3xdhwtqk4jyfcprsbbyc.exe
- <SYSTEM32>\ksjaiijfrsfdi\tst
- <SYSTEM32>\iizmpdfhwzov.exe
- <SYSTEM32>\ksjaiijfrsfdi\etc
- <SYSTEM32>\ewpltvdtq.exe
- <SYSTEM32>\iizmpdfhwzov.exe
- %WINDIR%\Temp\ns3xdh9qoiukyfcp.exe
- <DRIVERS>\etc\hosts
- %TEMP%\ns3xdhwtqk4jyfcprsbbyc.exe
- 'dr###pass.net':80
- 'th###ass.net':80
- 'th###gain.net':80
- 'fa###tand.net':80
- 'dr###again.net':80
- 'th###tand.net':80
- 'hu###blood.net':80
- 'dr###stand.net':80
- 'dr###sugar.net':80
- 'th###ugar.net':80
- 'wa###again.net':80
- 'fa###gain.net':80
- 'vi###stand.net':80
- 'vi###sugar.net':80
- 'sp###stand.net':80
- 'fa###ugar.net':80
- 'wa###stand.net':80
- 'wa###sugar.net':80
- 'wa###pass.net':80
- 'fa###ass.net':80
- 'ha###lood.net':80
- 'mu###full.net':80
- 'we###lood.net':80
- 'ya###ull.net':80
- 'ya###ose.net':80
- 'mu###lose.net':80
- 'we###ose.net':80
- 'sp###lose.net':80
- 'sp###daily.net':80
- 'sp###blood.net':80
- 'we###aily.net':80
- 'ha###ose.net':80
- 'hu###full.net':80
- 'hu###lose.net':80
- 'hu###daily.net':80
- 'ha###aily.net':80
- 'ya###aily.net':80
- 'mu###daily.net':80
- 'mu###blood.net':80
- 'ha###ull.net':80
- 'ya###lood.net':80
- 'sp###sugar.net':80
- 'sp###gain.net':80
- 'sa###gain.net':80
- 'wh###stand.net':80
- 'ef###tbuilt.net':80
- 'th###while.net':80
- 'sa###ugar.net':80
- 'sp###tand.net':80
- 'sp###ugar.net':80
- 'sp###ass.net':80
- 'sa###ass.net':80
- 'se####strong.net':80
- 'si######edwerryhouse.net':80
- 'de####promise.net':80
- 'or###thrown.net':80
- 'jo####ymeasure.net':80
- 'of####urprise.net':80
- 'ri###nstorm.net':80
- 'gw#####ynhuddleston.net':80
- 'mo####gduring.net':80
- 'ch####nother.net':80
- 'sa###tand.net':80
- 'gr###sugar.net':80
- 'eq###stand.net':80
- 'eq###sugar.net':80
- 'eq###pass.net':80
- 'gr###pass.net':80
- 'sp###pass.net':80
- 'vi###pass.net':80
- 'vi###again.net':80
- 'gr###stand.net':80
- 'sp###again.net':80
- 'ta###pass.net':80
- 'gl###ugar.net':80
- 'gl###ass.net':80
- 'gl###gain.net':80
- 'ta###again.net':80
- 'eq###again.net':80
- 'gr###again.net':80
- 'ta###stand.net':80
- 'ta###sugar.net':80
- 'gl###tand.net':80
- http://dr###pass.net/index.php
- http://th###ass.net/index.php
- http://th###gain.net/index.php
- http://fa###tand.net/index.php
- http://dr###again.net/index.php
- http://th###tand.net/index.php
- http://hu###blood.net/index.php
- http://dr###stand.net/index.php
- http://dr###sugar.net/index.php
- http://th###ugar.net/index.php
- http://wa###again.net/index.php
- http://fa###gain.net/index.php
- http://vi###stand.net/index.php
- http://vi###sugar.net/index.php
- http://sp###stand.net/index.php
- http://fa###ugar.net/index.php
- http://wa###stand.net/index.php
- http://wa###sugar.net/index.php
- http://wa###pass.net/index.php
- http://fa###ass.net/index.php
- http://ha###lood.net/index.php
- http://mu###full.net/index.php
- http://we###lood.net/index.php
- http://ya###ull.net/index.php
- http://ya###ose.net/index.php
- http://mu###lose.net/index.php
- http://we###ose.net/index.php
- http://sp###lose.net/index.php
- http://sp###daily.net/index.php
- http://sp###blood.net/index.php
- http://we###aily.net/index.php
- http://ha###ose.net/index.php
- http://hu###full.net/index.php
- http://hu###lose.net/index.php
- http://hu###daily.net/index.php
- http://ha###aily.net/index.php
- http://ya###aily.net/index.php
- http://mu###daily.net/index.php
- http://mu###blood.net/index.php
- http://ha###ull.net/index.php
- http://ya###lood.net/index.php
- http://sp###sugar.net/index.php
- http://sp###gain.net/index.php
- http://sa###gain.net/index.php
- http://wh###stand.net/index.php
- http://ef###tbuilt.net/index.php
- http://th###while.net/index.php
- http://sa###ugar.net/index.php
- http://sp###tand.net/index.php
- http://sp###ugar.net/index.php
- http://sp###ass.net/index.php
- http://sa###ass.net/index.php
- http://se####strong.net/index.php
- http://si######edwerryhouse.net/index.php
- http://de####promise.net/index.php
- http://or###thrown.net/index.php
- http://jo####ymeasure.net/index.php
- http://of####urprise.net/index.php
- http://ri###nstorm.net/index.php
- http://gw#####ynhuddleston.net/index.php
- http://mo####gduring.net/index.php
- http://ch####nother.net/index.php
- http://sa###tand.net/index.php
- http://gr###sugar.net/index.php
- http://eq###stand.net/index.php
- http://eq###sugar.net/index.php
- http://eq###pass.net/index.php
- http://gr###pass.net/index.php
- http://sp###pass.net/index.php
- http://vi###pass.net/index.php
- http://vi###again.net/index.php
- http://gr###stand.net/index.php
- http://sp###again.net/index.php
- http://ta###pass.net/index.php
- http://gl###ugar.net/index.php
- http://gl###ass.net/index.php
- http://gl###gain.net/index.php
- http://ta###again.net/index.php
- http://eq###again.net/index.php
- http://gr###again.net/index.php
- http://ta###stand.net/index.php
- http://ta###sugar.net/index.php
- http://gl###tand.net/index.php
- DNS ASK th###ass.net
- DNS ASK dr###sugar.net
- DNS ASK dr###pass.net
- DNS ASK dr###again.net
- DNS ASK th###gain.net
- DNS ASK hu###blood.net
- DNS ASK ha###lood.net
- DNS ASK th###tand.net
- DNS ASK th###ugar.net
- DNS ASK dr###stand.net
- DNS ASK fa###tand.net
- DNS ASK wa###again.net
- DNS ASK fa###gain.net
- DNS ASK vi###stand.net
- DNS ASK vi###sugar.net
- DNS ASK sp###stand.net
- DNS ASK fa###ugar.net
- DNS ASK wa###stand.net
- DNS ASK wa###sugar.net
- DNS ASK wa###pass.net
- DNS ASK fa###ass.net
- DNS ASK we###lood.net
- DNS ASK sp###blood.net
- DNS ASK mu###full.net
- DNS ASK mu###lose.net
- DNS ASK ya###ull.net
- DNS ASK sp###lose.net
- DNS ASK we###ull.net
- DNS ASK we###ose.net
- DNS ASK we###aily.net
- DNS ASK sp###daily.net
- DNS ASK ya###ose.net
- DNS ASK ha###ose.net
- DNS ASK hu###full.net
- DNS ASK hu###lose.net
- DNS ASK hu###daily.net
- DNS ASK ha###aily.net
- DNS ASK ya###aily.net
- DNS ASK mu###daily.net
- DNS ASK mu###blood.net
- DNS ASK ha###ull.net
- DNS ASK ya###lood.net
- DNS ASK sp###sugar.net
- DNS ASK sp###gain.net
- DNS ASK sa###gain.net
- DNS ASK wh###stand.net
- DNS ASK ef###tbuilt.net
- DNS ASK th###while.net
- DNS ASK sa###ugar.net
- DNS ASK sp###tand.net
- DNS ASK sp###ugar.net
- DNS ASK sp###ass.net
- DNS ASK sa###ass.net
- DNS ASK se####strong.net
- DNS ASK si######edwerryhouse.net
- DNS ASK de####promise.net
- DNS ASK or###thrown.net
- DNS ASK jo####ymeasure.net
- DNS ASK of####urprise.net
- DNS ASK ri###nstorm.net
- DNS ASK gw#####ynhuddleston.net
- DNS ASK mo####gduring.net
- DNS ASK ch####nother.net
- DNS ASK sa###tand.net
- DNS ASK gr###sugar.net
- DNS ASK eq###stand.net
- DNS ASK eq###sugar.net
- DNS ASK eq###pass.net
- DNS ASK gr###pass.net
- DNS ASK sp###pass.net
- DNS ASK vi###pass.net
- DNS ASK vi###again.net
- DNS ASK gr###stand.net
- DNS ASK sp###again.net
- DNS ASK ta###pass.net
- DNS ASK gl###ugar.net
- DNS ASK gl###ass.net
- DNS ASK gl###gain.net
- DNS ASK ta###again.net
- DNS ASK eq###again.net
- DNS ASK gr###again.net
- DNS ASK ta###stand.net
- DNS ASK ta###sugar.net
- DNS ASK gl###tand.net
- '23#.#55.255.250':1900