Technical Information
Registry values (a Run-key autorun entry and a service start type; 'Start' = 2 means automatic start):
- [<HKLM>\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] 'UserMode Call Resource Player' = '<SYSTEM32>\mvvwghufcgr.exe'
- [<HKLM>\SYSTEM\ControlSet001\Services\Experience Sharing Cache Connections Config] 'Start' = '00000002'
- Windows Security Center
Process command lines:
- '<SYSTEM32>\opbdssnxm.exe' "<SYSTEM32>\mvvwghufcgr.exe"
- '%WINDIR%\Temp\dgsnkv2pt9aozwz.exe' -r 42243 tcp
- '%TEMP%\dgsnkv2l8raozwzqcrsuk.exe'
- '<SYSTEM32>\mvvwghufcgr.exe'
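File system paths (some paths repeat below; the operation applied to each group is not stated in this listing):
- <SYSTEM32>\cxtyqfvcqjssnlk\run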
- <SYSTEM32>\cxtyqfvcqjssnlk\rng
- %WINDIR%\Temp\dgsnkv2pt9aozwz.exe
- <SYSTEM32>\cxtyqfvcqjssnlk\cfg
- <SYSTEM32>\opbdssnxm.exe
- %TEMP%\dgsnkv2l8raozwzqcrsuk.exe
- <SYSTEM32>\cxtyqfvcqjssnlk\tst
- <SYSTEM32>\mvvwghufcgr.exe
- <SYSTEM32>\cxtyqfvcqjssnlk\etc
- <SYSTEM32>\opbdssnxm.exe
- <SYSTEM32>\mvvwghufcgr.exe
- %WINDIR%\Temp\dgsnkv2pt9aozwz.exe
- <DRIVERS>\etc\hosts
- %TEMP%\dgsnkv2l8raozwzqcrsuk.exe
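Network endpoints, as host:port (domain names are partially masked with '#' by the source, so they cannot be matched literally):
- 'ta###late.net':80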
- 'eq###half.net':80
- 'gl###ate.net':80
- 'gl###uide.net':80
- 'ta###guide.net':80
- 'gr###half.net':80
- 'gr###guide.net':80
- 'eq###late.net':80
- 'eq###guide.net':80
- 'eq###name.net':80
- 'gr###name.net':80
- 'sp###uide.net':80
- 'sa###uide.net':80
- 'sa###ame.net':80
- 'sa###alf.net':80
- 'sp###ame.net':80
- 'sp###ate.net':80
- 'gl###ame.net':80
- 'ta###name.net':80
- 'ta###half.net':80
- 'sa###ate.net':80
- 'gl###alf.net':80
- 'fa###uide.net':80
- 'wa###late.net':80
- 'wa###guide.net':80
- 'wa###name.net':80
- 'fa###ame.net':80
- 'fa###ate.net':80
- 'th###ame.net':80
- 'dr###guide.net':80
- 'dr###name.net':80
- 'dr###half.net':80
- 'th###alf.net':80
- 'sp###name.net':80
- 'vi###name.net':80
- 'vi###half.net':80
- 'gr###late.net':80
- 'sp###half.net':80
- 'sp###guide.net':80
- 'wa###half.net':80
- 'fa###alf.net':80
- 'vi###late.net':80
- 'vi###guide.net':80
- 'sp###late.net':80
- 'fa###igh.net':80
- 'wa###color.net':80
- 'wa###high.net':80
- 'wa###feel.net':80
- 'fa###eel.net':80
- 'fa###olor.net':80
- 'th###eel.net':80
- 'dr###high.net':80
- 'dr###feel.net':80
- 'wa###only.net':80
- 'fa###nly.net':80
- 'de###lxc.com':80
- 'vi###feel.net':80
- 'be##lxc.com':80
- 'ri###nstorm.net':80
- 'af###sllc.com':80
- 'sp###high.net':80
- 'sp###only.net':80
- 'vi###only.net':80
- 'vi###color.net':80
- 'vi###high.net':80
- 'sp###color.net':80
- 'wh###half.net':80
- 'up###ame.net':80
- 'up###alf.net':80
- 'ar###late.net':80
- 'so###late.net':80
- 'wh###name.net':80
- 'wh###late.net':80
- 'sp###alf.net':80
- 'up###ate.net':80
- 'up###uide.net':80
- 'wh###guide.net':80
- 'dr###only.net':80
- 'th###nly.net':80
- 'th###olor.net':80
- 'th###igh.net':80
- 'dr###color.net':80
- 'ar###half.net':80
- 'ar###guide.net':80
- 'so###guide.net':80
- 'so###name.net':80
- 'so###half.net':80
- 'ar###name.net':80
HTTP URLs (request method not stated):
- http://ta###late.net/index.php
- http://eq###half.net/index.php
- http://gl###ate.net/index.php
- http://gl###uide.net/index.php
- http://ta###guide.net/index.php
- http://gr###half.net/index.php
- http://gr###guide.net/index.php
- http://eq###late.net/index.php
- http://eq###guide.net/index.php
- http://eq###name.net/index.php
- http://gr###name.net/index.php
- http://sp###uide.net/index.php
- http://sa###uide.net/index.php
- http://sa###ame.net/index.php
- http://sa###alf.net/index.php
- http://sp###ame.net/index.php
- http://sp###ate.net/index.php
- http://gl###ame.net/index.php
- http://ta###name.net/index.php
- http://ta###half.net/index.php
- http://sa###ate.net/index.php
- http://gl###alf.net/index.php
- http://fa###uide.net/index.php
- http://wa###late.net/index.php
- http://wa###guide.net/index.php
- http://wa###name.net/index.php
- http://fa###ame.net/index.php
- http://fa###ate.net/index.php
- http://th###ame.net/index.php
- http://dr###guide.net/index.php
- http://dr###name.net/index.php
- http://dr###half.net/index.php
- http://th###alf.net/index.php
- http://sp###name.net/index.php
- http://vi###name.net/index.php
- http://vi###half.net/index.php
- http://gr###late.net/index.php
- http://sp###half.net/index.php
- http://sp###guide.net/index.php
- http://wa###half.net/index.php
- http://fa###alf.net/index.php
- http://vi###late.net/index.php
- http://vi###guide.net/index.php
- http://sp###late.net/index.php
- http://fa###igh.net/index.php
- http://wa###color.net/index.php
- http://wa###high.net/index.php
- http://wa###feel.net/index.php
- http://fa###eel.net/index.php
- http://fa###olor.net/index.php
- http://th###eel.net/index.php
- http://dr###high.net/index.php
- http://dr###feel.net/index.php
- http://wa###only.net/index.php
- http://fa###nly.net/index.php
- http://de###lxc.com/index.php
- http://vi###feel.net/index.php
- http://be##lxc.com/index.php
- http://ri###nstorm.net/index.php
- http://af###sllc.com/index.php
- http://sp###high.net/index.php
- http://sp###only.net/index.php
- http://vi###only.net/index.php
- http://vi###color.net/index.php
- http://vi###high.net/index.php
- http://sp###color.net/index.php
- http://wh###half.net/index.php
- http://up###ame.net/index.php
- http://up###alf.net/index.php
- http://ar###late.net/index.php
- http://so###late.net/index.php
- http://wh###name.net/index.php
- http://wh###late.net/index.php
- http://sp###alf.net/index.php
- http://up###ate.net/index.php
- http://up###uide.net/index.php
- http://wh###guide.net/index.php
- http://dr###only.net/index.php
- http://th###nly.net/index.php
- http://th###olor.net/index.php
- http://th###igh.net/index.php
- http://dr###color.net/index.php
- http://ar###half.net/index.php
- http://ar###guide.net/index.php
- http://so###guide.net/index.php
- http://so###name.net/index.php
- http://so###half.net/index.php
- http://ar###name.net/index.php
DNS queries:
- DNS ASK ta###late.net
- DNS ASK eq###half.net
- DNS ASK gl###ate.net
- DNS ASK gl###uide.net
- DNS ASK ta###guide.net
- DNS ASK gr###half.net
- DNS ASK gr###guide.net
- DNS ASK eq###late.net
- DNS ASK eq###guide.net
- DNS ASK eq###name.net
- DNS ASK gr###name.net
- DNS ASK sp###uide.net
- DNS ASK sa###uide.net
- DNS ASK sa###ame.net
- DNS ASK sa###alf.net
- DNS ASK sp###ame.net
- DNS ASK sp###ate.net
- DNS ASK gl###ame.net
- DNS ASK ta###name.net
- DNS ASK ta###half.net
- DNS ASK sa###ate.net
- DNS ASK gl###alf.net
- DNS ASK gr###late.net
- DNS ASK wa###late.net
- DNS ASK fa###ate.net
- DNS ASK fa###uide.net
- DNS ASK fa###ame.net
- DNS ASK wa###guide.net
- DNS ASK dr###half.net
- DNS ASK dr###guide.net
- DNS ASK th###uide.net
- DNS ASK th###ame.net
- DNS ASK th###alf.net
- DNS ASK dr###name.net
- DNS ASK vi###name.net
- DNS ASK sp###guide.net
- DNS ASK sp###name.net
- DNS ASK sp###half.net
- DNS ASK vi###half.net
- DNS ASK vi###guide.net
- DNS ASK fa###alf.net
- DNS ASK wa###name.net
- DNS ASK wa###half.net
- DNS ASK sp###late.net
- DNS ASK vi###late.net
- DNS ASK fa###igh.net
- DNS ASK wa###color.net
- DNS ASK wa###high.net
- DNS ASK wa###feel.net
- DNS ASK fa###eel.net
- DNS ASK fa###olor.net
- DNS ASK th###eel.net
- DNS ASK dr###high.net
- DNS ASK dr###feel.net
- DNS ASK wa###only.net
- DNS ASK fa###nly.net
- DNS ASK de###lxc.com
- DNS ASK vi###feel.net
- DNS ASK be##lxc.com
- DNS ASK ri###nstorm.net
- DNS ASK af###sllc.com
- DNS ASK sp###high.net
- DNS ASK sp###only.net
- DNS ASK vi###only.net
- DNS ASK vi###color.net
- DNS ASK vi###high.net
- DNS ASK sp###color.net
- DNS ASK wh###half.net
- DNS ASK up###ame.net
- DNS ASK up###alf.net
- DNS ASK ar###late.net
- DNS ASK so###late.net
- DNS ASK wh###name.net
- DNS ASK wh###late.net
- DNS ASK sp###alf.net
- DNS ASK up###ate.net
- DNS ASK up###uide.net
- DNS ASK wh###guide.net
- DNS ASK dr###only.net
- DNS ASK th###nly.net
- DNS ASK th###olor.net
- DNS ASK th###igh.net
- DNS ASK dr###color.net
- DNS ASK ar###half.net
- DNS ASK ar###guide.net
- DNS ASK so###guide.net
- DNS ASK so###name.net
- DNS ASK so###half.net
- DNS ASK ar###name.net
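- '23#.#55.255.250':1900 (port 1900 is the SSDP/UPnP discovery port; the masked address is consistent with the SSDP multicast group that Windows hosts contact routinely, so this entry is probably not specific to the sample)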