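Technical Information
The section labels of the original report are not preserved here. In order, the entries cover registry changes, launched processes, file-system paths (some repeated, presumably because they sat under separate operation headings), and network activity: host:port connections, HTTP requests and DNS queries. Host names are partially masked with '#', so they cannot be matched literally as indicators.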
- [<HKLM>\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] 'List System Media Auto Cache SPP Offline' = '<SYSTEM32>\xhmuvzyojfv.exe' (machine-wide autorun value: the executable is started at every user logon)
- [<HKLM>\SYSTEM\ControlSet001\Services\Networking Microsoft Workstation Mapper] 'Start' = '00000002' (service start type 2 = automatic start at boot)
- Windows Security Center (context lost: this listing does not say what is done to this component)
- '<SYSTEM32>\gslqcvnhpxe.exe' "<SYSTEM32>\xhmuvzyojfv.exe"
- '%WINDIR%\Temp\m8rawxe35canvm.exe' -r 50003 tcp
- '%TEMP%\m8rawxe3058nvmiilqceh.exe'
- '<SYSTEM32>\xhmuvzyojfv.exe'
- <SYSTEM32>\gmurkkjqcvhfqv\run
- <SYSTEM32>\gmurkkjqcvhfqv\rng
- %WINDIR%\Temp\m8rawxe35canvm.exe
- <SYSTEM32>\gmurkkjqcvhfqv\cfg
- <SYSTEM32>\gslqcvnhpxe.exe
- %TEMP%\m8rawxe3058nvmiilqceh.exe
- <SYSTEM32>\gmurkkjqcvhfqv\tst
- <SYSTEM32>\xhmuvzyojfv.exe
- <SYSTEM32>\gmurkkjqcvhfqv\etc
- <SYSTEM32>\gslqcvnhpxe.exe
- <SYSTEM32>\xhmuvzyojfv.exe
- %WINDIR%\Temp\m8rawxe35canvm.exe
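- <DRIVERS>\etc\hosts (the system hosts file; the listing does not state the operation performed, so compare it against a known-good copy)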
- %TEMP%\m8rawxe3058nvmiilqceh.exe
- 'fe###ance.net':80
- 'lo###ance.net':80
- 'lo###are.net':80
- 'wh###ell.net':80
- 'fe###are.net':80
- 'lo###ell.net':80
- 'th###dare.net':80
- 'fe###ell.net':80
- 'fe###ody.net':80
- 'lo###ody.net':80
- 'hi###are.net':80
- 'wh###are.net':80
- 'ju###ell.net':80
- 'ju###ody.net':80
- 'mo###ell.net':80
- 'wh###ody.net':80
- 'hi###ell.net':80
- 'hi###ody.net':80
- 'hi###ance.net':80
- 'wh###ance.net':80
- 'th###dance.net':80
- 'ab###igh.net':80
- 'kn###olor.net':80
- 'kn###igh.net':80
- 'kn###eel.net':80
- 'ab###eel.net':80
- 'pi###eel.net':80
- 'so###eel.net':80
- 'ab###nly.net':80
- 'ab###olor.net':80
- 'kn###nly.net':80
- 'wi###are.net':80
- 'dr###dance.net':80
- 'dr###dare.net':80
- 'th###body.net':80
- 'th###tell.net':80
- 'dr###tell.net':80
- 'wi###ell.net':80
- 'wi###ody.net':80
- 'wi###ance.net':80
- 'dr###body.net':80
- 'ab###are.net':80
- 'kn###ance.net':80
- 'kn###are.net':80
- 'dr###such.net':80
- 'wi###uch.net':80
- 'kn###ell.net':80
- 'ab###ell.net':80
- 'ab###ody.net':80
- 'ab###ance.net':80
- 'kn###ody.net':80
- 'de###lxc.com':80
- 'dr###some.net':80
- 'be##lxc.com':80
- 'ri###nstorm.net':80
- 'af###sllc.com':80
- 'dr###today.net':80
- 'wi###oday.net':80
- 'wi###even.net':80
- 'wi###ome.net':80
- 'dr###seven.net':80
- 'pi###are.net':80
- 'ro###ell.net':80
- 'si###ell.net':80
- 'si###ody.net':80
- 'si###ance.net':80
- 'ro###ody.net':80
- 'ju###ance.net':80
- 'mo###ody.net':80
- 'mo###ance.net':80
- 'mo###are.net':80
- 'ju###are.net':80
- 'pi###ody.net':80
- 'so###ody.net':80
- 'so###ance.net':80
- 'so###are.net':80
- 'pi###ance.net':80
- 'si###are.net':80
- 'ro###ance.net':80
- 'ro###are.net':80
- 'pi###ell.net':80
- 'so###ell.net':80
- http://fe###ance.net/index.php
- http://lo###ance.net/index.php
- http://lo###are.net/index.php
- http://wh###ell.net/index.php
- http://fe###are.net/index.php
- http://lo###ell.net/index.php
- http://th###dare.net/index.php
- http://fe###ell.net/index.php
- http://fe###ody.net/index.php
- http://lo###ody.net/index.php
- http://hi###are.net/index.php
- http://wh###are.net/index.php
- http://ju###ell.net/index.php
- http://ju###ody.net/index.php
- http://mo###ell.net/index.php
- http://wh###ody.net/index.php
- http://hi###ell.net/index.php
- http://hi###ody.net/index.php
- http://hi###ance.net/index.php
- http://wh###ance.net/index.php
- http://th###dance.net/index.php
- http://ab###igh.net/index.php
- http://kn###olor.net/index.php
- http://kn###igh.net/index.php
- http://kn###eel.net/index.php
- http://ab###eel.net/index.php
- http://pi###eel.net/index.php
- http://so###eel.net/index.php
- http://ab###nly.net/index.php
- http://ab###olor.net/index.php
- http://kn###nly.net/index.php
- http://wi###are.net/index.php
- http://dr###dance.net/index.php
- http://dr###dare.net/index.php
- http://th###body.net/index.php
- http://th###tell.net/index.php
- http://dr###tell.net/index.php
- http://wi###ell.net/index.php
- http://wi###ody.net/index.php
- http://wi###ance.net/index.php
- http://dr###body.net/index.php
- http://ab###are.net/index.php
- http://kn###ance.net/index.php
- http://kn###are.net/index.php
- http://dr###such.net/index.php
- http://wi###uch.net/index.php
- http://kn###ell.net/index.php
- http://ab###ell.net/index.php
- http://ab###ody.net/index.php
- http://ab###ance.net/index.php
- http://kn###ody.net/index.php
- http://de###lxc.com/index.php
- http://dr###some.net/index.php
- http://be##lxc.com/index.php
- http://ri###nstorm.net/index.php
- http://af###sllc.com/index.php
- http://dr###today.net/index.php
- http://wi###oday.net/index.php
- http://wi###even.net/index.php
- http://wi###ome.net/index.php
- http://dr###seven.net/index.php
- http://pi###are.net/index.php
- http://ro###ell.net/index.php
- http://si###ell.net/index.php
- http://si###ody.net/index.php
- http://si###ance.net/index.php
- http://ro###ody.net/index.php
- http://ju###ance.net/index.php
- http://mo###ody.net/index.php
- http://mo###ance.net/index.php
- http://mo###are.net/index.php
- http://ju###are.net/index.php
- http://pi###ody.net/index.php
- http://so###ody.net/index.php
- http://so###ance.net/index.php
- http://so###are.net/index.php
- http://pi###ance.net/index.php
- http://si###are.net/index.php
- http://ro###ance.net/index.php
- http://ro###are.net/index.php
- http://pi###ell.net/index.php
- http://so###ell.net/index.php
- DNS ASK lo###ance.net
- DNS ASK fe###ody.net
- DNS ASK fe###ance.net
- DNS ASK fe###are.net
- DNS ASK lo###are.net
- DNS ASK th###dare.net
- DNS ASK th###dance.net
- DNS ASK lo###ell.net
- DNS ASK lo###ody.net
- DNS ASK fe###ell.net
- DNS ASK wh###ell.net
- DNS ASK hi###are.net
- DNS ASK wh###are.net
- DNS ASK ju###ell.net
- DNS ASK ju###ody.net
- DNS ASK mo###ell.net
- DNS ASK wh###ody.net
- DNS ASK hi###ell.net
- DNS ASK hi###ody.net
- DNS ASK hi###ance.net
- DNS ASK wh###ance.net
- DNS ASK kn###olor.net
- DNS ASK ab###olor.net
- DNS ASK ab###igh.net
- DNS ASK ab###eel.net
- DNS ASK kn###igh.net
- DNS ASK so###eel.net
- DNS ASK pi###igh.net
- DNS ASK pi###eel.net
- DNS ASK kn###nly.net
- DNS ASK ab###nly.net
- DNS ASK kn###eel.net
- DNS ASK wi###are.net
- DNS ASK dr###dance.net
- DNS ASK dr###dare.net
- DNS ASK th###body.net
- DNS ASK th###tell.net
- DNS ASK dr###tell.net
- DNS ASK wi###ell.net
- DNS ASK wi###ody.net
- DNS ASK wi###ance.net
- DNS ASK dr###body.net
- DNS ASK ab###are.net
- DNS ASK kn###ance.net
- DNS ASK kn###are.net
- DNS ASK dr###such.net
- DNS ASK wi###uch.net
- DNS ASK kn###ell.net
- DNS ASK ab###ell.net
- DNS ASK ab###ody.net
- DNS ASK ab###ance.net
- DNS ASK kn###ody.net
- DNS ASK de###lxc.com
- DNS ASK dr###some.net
- DNS ASK be##lxc.com
- DNS ASK ri###nstorm.net
- DNS ASK af###sllc.com
- DNS ASK dr###today.net
- DNS ASK wi###oday.net
- DNS ASK wi###even.net
- DNS ASK wi###ome.net
- DNS ASK dr###seven.net
- DNS ASK pi###are.net
- DNS ASK ro###ell.net
- DNS ASK si###ell.net
- DNS ASK si###ody.net
- DNS ASK si###ance.net
- DNS ASK ro###ody.net
- DNS ASK ju###ance.net
- DNS ASK mo###ody.net
- DNS ASK mo###ance.net
- DNS ASK mo###are.net
- DNS ASK ju###are.net
- DNS ASK pi###ody.net
- DNS ASK so###ody.net
- DNS ASK so###ance.net
- DNS ASK so###are.net
- DNS ASK pi###ance.net
- DNS ASK si###are.net
- DNS ASK ro###ance.net
- DNS ASK ro###are.net
- DNS ASK pi###ell.net
- DNS ASK so###ell.net
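- '23#.#55.255.250':1900 (masked address; the visible octets and port 1900 are consistent with the SSDP/UPnP multicast group, i.e. local discovery traffic rather than a remote server, so this entry is likely of low value for detection)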