Technical Information
- [<HKLM>\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] 'Config Input IPsec NGEN Window File TPM List' = '<SYSTEM32>\pzcjqohqxlyy.exe'
- [<HKLM>\SYSTEM\ControlSet001\Services\Font Problem Connection Application Studio] 'ImagePath' = '<SYSTEM32>\pzcjqohqxlyy.exe'
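- [<HKLM>\SYSTEM\ControlSet001\Services\Font Problem Connection Application Studio] 'Start' = '00000002' (start type 2 is automatic start, so the service, and with it <SYSTEM32>\pzcjqohqxlyy.exe, is launched at every boot in addition to the Run entry above)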
- Windows Security Center
- '<SYSTEM32>\cmipxosilau.exe' "<SYSTEM32>\pzcjqohqxlyy.exe"
- '%WINDIR%\Temp\igeaf5j2p8vnfv.exe' -r 21709 tcp
- '%TEMP%\igeaf5j2ku0nfvw1lpbo.exe'
- '<SYSTEM32>\pzcjqohqxlyy.exe'
- <SYSTEM32>\jyeviyyuhor\run
- <SYSTEM32>\jyeviyyuhor\rng
- %WINDIR%\Temp\igeaf5j2p8vnfv.exe
- <SYSTEM32>\jyeviyyuhor\cfg
- <SYSTEM32>\cmipxosilau.exe
- %TEMP%\igeaf5j2ku0nfvw1lpbo.exe
- <SYSTEM32>\jyeviyyuhor\tst
- <SYSTEM32>\pzcjqohqxlyy.exe
- <SYSTEM32>\jyeviyyuhor\etc
- <SYSTEM32>\cmipxosilau.exe
- <SYSTEM32>\pzcjqohqxlyy.exe
- %WINDIR%\Temp\igeaf5j2p8vnfv.exe
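- <DRIVERS>\etc\hosts (the system hosts file; this extract does not say what is done to it, so on an affected machine compare its contents against a known-good copy)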
- %TEMP%\igeaf5j2ku0nfvw1lpbo.exe
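- (Note: the '#' characters in the host names below are masking applied by the report, so these entries cannot be used verbatim in a blocklist. The names share one shape: concatenated English word fragments under .net or .com, each contacted on port 80 and requested as /index.php. This looks like algorithmically generated domains, which would need to be confirmed from the sample. For detection, match on that behaviour rather than on the masked strings.)
- 'fo###left.net':80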
- 'af####hirteen.net':80
- 'af###left.net':80
- 'af###hope.net':80
- 'fo###hope.net':80
- 'fo####hirteen.net':80
- 'we####dayhope.net':80
- 'se###eft.net':80
- 'se###ope.net':80
- 'af###hurry.net':80
- 'fo###hurry.net':80
- 'st###hope.net':80
- 'we###ope.net':80
- 'wa###urry.net':80
- 'wa####irteen.net':80
- 'mo###hurry.net':80
- 'st###left.net':80
- 'st###hurry.net':80
- 'we###urry.net':80
- 'we####irteen.net':80
- 'we###eft.net':80
- 'st####hirteen.net':80
- 'qu###wild.net':80
- 'fi###june.net':80
- 'fi###wild.net':80
- 'dr###hurry.net':80
- 'na###urry.net':80
- 'qu###june.net':80
- 'qu###kind.net':80
- 'bo###ild.net':80
- 'fi###kind.net':80
- 'fi###began.net':80
- 'qu###began.net':80
- 'se###urry.net':80
- 'we####dayhurry.net':80
- 'we#####aythirteen.net':80
- 'we####dayleft.net':80
- 'se####irteen.net':80
- 'dr###hope.net':80
- 'dr####hirteen.net':80
- 'na####irteen.net':80
- 'na###eft.net':80
- 'na###ope.net':80
- 'dr###left.net':80
- 'mo####hirteen.net':80
- 'dr###count.net':80
- 'na###ount.net':80
- 'na###ell.net':80
- 'na###our.net':80
- 'dr###fell.net':80
- 'fi###hope.net':80
- 'fi####hirteen.net':80
- 'qu####hirteen.net':80
- 'qu###left.net':80
- 'qu###hope.net':80
- 'fi###left.net':80
- 'de###lxc.com':80
- 'se###ell.net':80
- 'be##lxc.com':80
- 'ri###nstorm.net':80
- 'af###sllc.com':80
- 'we####dayfell.net':80
- 'na###ompe.net':80
- 'dr###hour.net':80
- 'dr###compe.net':80
- 'se###ount.net':80
- 'we####daycount.net':80
- 'le####hirteen.net':80
- 'fa####irteen.net':80
- 'fa###eft.net':80
- 'fa###ope.net':80
- 'le###left.net':80
- 'le###hurry.net':80
- 'mo###left.net':80
- 'wa###eft.net':80
- 'wa###ope.net':80
- 'fa###urry.net':80
- 'mo###hope.net':80
- 'ga###ope.net':80
- 'bo###eft.net':80
- 'bo###ope.net':80
- 'fi###hurry.net':80
- 'qu###hurry.net':80
- 'ga###eft.net':80
- 'ga###urry.net':80
- 'le###hope.net':80
- 'bo###urry.net':80
- 'bo####irteen.net':80
- 'ga####irteen.net':80
- http://fo###left.net/index.php
- http://af####hirteen.net/index.php
- http://af###left.net/index.php
- http://af###hope.net/index.php
- http://fo###hope.net/index.php
- http://fo####hirteen.net/index.php
- http://we####dayhope.net/index.php
- http://se###eft.net/index.php
- http://se###ope.net/index.php
- http://af###hurry.net/index.php
- http://fo###hurry.net/index.php
- http://st###hope.net/index.php
- http://we###ope.net/index.php
- http://wa###urry.net/index.php
- http://wa####irteen.net/index.php
- http://mo###hurry.net/index.php
- http://st###left.net/index.php
- http://st###hurry.net/index.php
- http://we###urry.net/index.php
- http://we####irteen.net/index.php
- http://we###eft.net/index.php
- http://st####hirteen.net/index.php
- http://qu###wild.net/index.php
- http://fi###june.net/index.php
- http://fi###wild.net/index.php
- http://dr###hurry.net/index.php
- http://na###urry.net/index.php
- http://qu###june.net/index.php
- http://qu###kind.net/index.php
- http://bo###ild.net/index.php
- http://fi###kind.net/index.php
- http://fi###began.net/index.php
- http://qu###began.net/index.php
- http://se###urry.net/index.php
- http://we####dayhurry.net/index.php
- http://we#####aythirteen.net/index.php
- http://we####dayleft.net/index.php
- http://se####irteen.net/index.php
- http://dr###hope.net/index.php
- http://dr####hirteen.net/index.php
- http://na####irteen.net/index.php
- http://na###eft.net/index.php
- http://na###ope.net/index.php
- http://dr###left.net/index.php
- http://mo####hirteen.net/index.php
- http://dr###count.net/index.php
- http://na###ount.net/index.php
- http://na###ell.net/index.php
- http://na###our.net/index.php
- http://dr###fell.net/index.php
- http://fi###hope.net/index.php
- http://fi####hirteen.net/index.php
- http://qu####hirteen.net/index.php
- http://qu###left.net/index.php
- http://qu###hope.net/index.php
- http://fi###left.net/index.php
- http://de###lxc.com/index.php
- http://se###ell.net/index.php
- http://be##lxc.com/index.php
- http://ri###nstorm.net/index.php
- http://af###sllc.com/index.php
- http://we####dayfell.net/index.php
- http://na###ompe.net/index.php
- http://dr###hour.net/index.php
- http://dr###compe.net/index.php
- http://se###ount.net/index.php
- http://we####daycount.net/index.php
- http://le####hirteen.net/index.php
- http://fa####irteen.net/index.php
- http://fa###eft.net/index.php
- http://fa###ope.net/index.php
- http://le###left.net/index.php
- http://le###hurry.net/index.php
- http://mo###left.net/index.php
- http://wa###eft.net/index.php
- http://wa###ope.net/index.php
- http://fa###urry.net/index.php
- http://mo###hope.net/index.php
- http://ga###ope.net/index.php
- http://bo###eft.net/index.php
- http://bo###ope.net/index.php
- http://fi###hurry.net/index.php
- http://qu###hurry.net/index.php
- http://ga###eft.net/index.php
- http://ga###urry.net/index.php
- http://le###hope.net/index.php
- http://bo###urry.net/index.php
- http://bo####irteen.net/index.php
- http://ga####irteen.net/index.php
- DNS ASK af###left.net
- DNS ASK fo###left.net
- DNS ASK fo###hope.net
- DNS ASK we###urry.net
- DNS ASK af###hope.net
- DNS ASK af####hirteen.net
- DNS ASK se###ope.net
- DNS ASK we####dayhope.net
- DNS ASK fo###hurry.net
- DNS ASK fo####hirteen.net
- DNS ASK af###hurry.net
- DNS ASK wa###urry.net
- DNS ASK st###hope.net
- DNS ASK mo###hurry.net
- DNS ASK mo####hirteen.net
- DNS ASK wa####irteen.net
- DNS ASK we###ope.net
- DNS ASK we####irteen.net
- DNS ASK st###hurry.net
- DNS ASK st####hirteen.net
- DNS ASK st###left.net
- DNS ASK we###eft.net
- DNS ASK se###eft.net
- DNS ASK qu###wild.net
- DNS ASK fi###june.net
- DNS ASK fi###wild.net
- DNS ASK dr###hurry.net
- DNS ASK na###urry.net
- DNS ASK qu###june.net
- DNS ASK qu###kind.net
- DNS ASK bo###ild.net
- DNS ASK fi###kind.net
- DNS ASK fi###began.net
- DNS ASK qu###began.net
- DNS ASK se###urry.net
- DNS ASK we####dayhurry.net
- DNS ASK we#####aythirteen.net
- DNS ASK we####dayleft.net
- DNS ASK se####irteen.net
- DNS ASK dr###hope.net
- DNS ASK dr####hirteen.net
- DNS ASK na####irteen.net
- DNS ASK na###eft.net
- DNS ASK na###ope.net
- DNS ASK dr###left.net
- DNS ASK dr###count.net
- DNS ASK na###ount.net
- DNS ASK na###ell.net
- DNS ASK na###our.net
- DNS ASK dr###fell.net
- DNS ASK fi###hope.net
- DNS ASK fi####hirteen.net
- DNS ASK qu####hirteen.net
- DNS ASK qu###left.net
- DNS ASK qu###hope.net
- DNS ASK fi###left.net
- DNS ASK de###lxc.com
- DNS ASK se###ell.net
- DNS ASK be##lxc.com
- DNS ASK ri###nstorm.net
- DNS ASK af###sllc.com
- DNS ASK we####dayfell.net
- DNS ASK na###ompe.net
- DNS ASK dr###hour.net
- DNS ASK dr###compe.net
- DNS ASK se###ount.net
- DNS ASK we####daycount.net
- DNS ASK le####hirteen.net
- DNS ASK fa####irteen.net
- DNS ASK fa###eft.net
- DNS ASK fa###ope.net
- DNS ASK le###left.net
- DNS ASK le###hurry.net
- DNS ASK mo###left.net
- DNS ASK wa###eft.net
- DNS ASK wa###ope.net
- DNS ASK fa###urry.net
- DNS ASK mo###hope.net
- DNS ASK ga###ope.net
- DNS ASK bo###eft.net
- DNS ASK bo###ope.net
- DNS ASK fi###hurry.net
- DNS ASK qu###hurry.net
- DNS ASK ga###eft.net
- DNS ASK ga###urry.net
- DNS ASK le###hope.net
- DNS ASK bo###urry.net
- DNS ASK bo####irteen.net
- DNS ASK ga####irteen.net
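- '23#.#55.255.250':1900 (port 1900 is the SSDP/UPnP discovery port, and the masked address is consistent with the SSDP multicast group 239.255.255.250; this is presumably local-network discovery traffic rather than a remote server, and it also appears on uninfected Windows hosts, so it is a weak indicator on its own)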