Technical Information
- [<HKLM>\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] 'Key Font Installer AutoConnect' = '<SYSTEM32>\xdqxsjchav.exe'
- [<HKLM>\SYSTEM\ControlSet001\Services\Connections Health Locator Auto] 'ImagePath' = '<SYSTEM32>\xdqxsjchav.exe'
- [<HKLM>\SYSTEM\ControlSet001\Services\Connections Health Locator Auto] 'Start' = '00000002' (a service 'Start' value of 2 means automatic start, so the service is launched at every boot)
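- Windows Security Center (no action is stated for this entry on the page; it presumably names a Windows feature the sample interferes with — confirm against the original report)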
- <SYSTEM32>\htnnkgwnxndz\run
- <SYSTEM32>\htnnkgwnxndz\rng
- %WINDIR%\Temp\eg4656ao38peuhd.exe
- <SYSTEM32>\htnnkgwnxndz\cfg
- <SYSTEM32>\niiphek.exe
- %TEMP%\eg4656ao33nyuhdmffmrr.exe
- <SYSTEM32>\htnnkgwnxndz\tst
- <SYSTEM32>\xdqxsjchav.exe
- <SYSTEM32>\htnnkgwnxndz\etc
- <SYSTEM32>\niiphek.exe
- <SYSTEM32>\xdqxsjchav.exe
- %WINDIR%\Temp\eg4656ao38peuhd.exe
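- <DRIVERS>\etc\hosts (the action taken on the hosts file is not stated here; on an affected system, review it for unexpected entries)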
- %TEMP%\eg4656ao33nyuhdmffmrr.exe
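- 'ha###ate.net':80 (host names in this report are partially masked with '#', so this and the following entries cannot be used as exact-match indicators)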
- 'ya###alf.net':80
- 'hu###late.net':80
- 'hu###guide.net':80
- 'ha###uide.net':80
- 'ya###uide.net':80
- 'mu###guide.net':80
- 'mu###name.net':80
- 'mu###half.net':80
- 'ya###ame.net':80
- 'ma###olor.net':80
- 'wr###only.net':80
- 'wr###color.net':80
- 'wr###high.net':80
- 'ma###igh.net':80
- 'hu###name.net':80
- 'ha###ame.net':80
- 'ha###alf.net':80
- 'ma###nly.net':80
- 'hu###half.net':80
- 'of###name.net':80
- 'fr###guide.net':80
- 'fr###name.net':80
- 'fr###half.net':80
- 'of###half.net':80
- 'se####berhalf.net':80
- 'se####bername.net':80
- 'of###late.net':80
- 'of###guide.net':80
- 'fr###late.net':80
- 'sp###half.net':80
- 'we###ame.net':80
- 'we###alf.net':80
- 'ya###ate.net':80
- 'mu###late.net':80
- 'we###ate.net':80
- 'sp###late.net':80
- 'sp###guide.net':80
- 'sp###name.net':80
- 'we###uide.net':80
- 'ma###eel.net':80
- 'fr###only.net':80
- 'of###only.net':80
- 'of###color.net':80
- 'be##lxc.com':80
- 'fr###color.net':80
- 'se####berhigh.net':80
- 'ha###olor.net':80
- 'ha###igh.net':80
- 'ha###eel.net':80
- 'se####berfeel.net':80
- 'mi###hown.net':80
- 'ab###ell.net':80
- 'mo###ugust.net':80
- 'cr#####onaraminta.net':80
- 'le###form.net':80
- 'al###being.net':80
- 'ri###nstorm.net':80
- 'ca####nbring.net':80
- 'mo###olor.net':80
- 'pr####tbottom.net':80
- 'de###igh.net':80
- 'ro###igh.net':80
- 'ro###eel.net':80
- 'wi###nly.net':80
- 'de###eel.net':80
- 'ro###nly.net':80
- 'wr###feel.net':80
- 'de###nly.net':80
- 'de###olor.net':80
- 'ro###olor.net':80
- 'jo###eel.net':80
- 'wi###eel.net':80
- 'se####beronly.net':80
- 'se####bercolor.net':80
- 'ha###nly.net':80
- 'wi###olor.net':80
- 'jo###nly.net':80
- 'jo###olor.net':80
- 'jo###igh.net':80
- 'wi###igh.net':80
- http://ha###ate.net/index.php
- http://ya###alf.net/index.php
- http://hu###late.net/index.php
- http://hu###guide.net/index.php
- http://ha###uide.net/index.php
- http://ya###uide.net/index.php
- http://mu###guide.net/index.php
- http://mu###name.net/index.php
- http://mu###half.net/index.php
- http://ya###ame.net/index.php
- http://ma###olor.net/index.php
- http://wr###only.net/index.php
- http://wr###color.net/index.php
- http://wr###high.net/index.php
- http://ma###igh.net/index.php
- http://hu###name.net/index.php
- http://ha###ame.net/index.php
- http://ha###alf.net/index.php
- http://ma###nly.net/index.php
- http://hu###half.net/index.php
- http://of###name.net/index.php
- http://fr###guide.net/index.php
- http://fr###name.net/index.php
- http://fr###half.net/index.php
- http://of###half.net/index.php
- http://se####berhalf.net/index.php
- http://se####bername.net/index.php
- http://of###late.net/index.php
- http://of###guide.net/index.php
- http://fr###late.net/index.php
- http://sp###half.net/index.php
- http://we###ame.net/index.php
- http://we###alf.net/index.php
- http://ya###ate.net/index.php
- http://mu###late.net/index.php
- http://we###ate.net/index.php
- http://sp###late.net/index.php
- http://sp###guide.net/index.php
- http://sp###name.net/index.php
- http://we###uide.net/index.php
- http://ma###eel.net/index.php
- http://fr###only.net/index.php
- http://of###only.net/index.php
- http://of###color.net/index.php
- http://be##lxc.com/index.php
- http://fr###color.net/index.php
- http://se####berhigh.net/index.php
- http://ha###olor.net/index.php
- http://ha###igh.net/index.php
- http://ha###eel.net/index.php
- http://se####berfeel.net/index.php
- http://mi###hown.net/index.php
- http://ab###ell.net/index.php
- http://mo###ugust.net/index.php
- http://cr#####onaraminta.net/index.php
- http://le###form.net/index.php
- http://al###being.net/index.php
- http://ri###nstorm.net/index.php
- http://ca####nbring.net/index.php
- http://mo###olor.net/index.php
- http://pr####tbottom.net/index.php
- http://de###igh.net/index.php
- http://ro###igh.net/index.php
- http://ro###eel.net/index.php
- http://wi###nly.net/index.php
- http://de###eel.net/index.php
- http://ro###nly.net/index.php
- http://wr###feel.net/index.php
- http://de###nly.net/index.php
- http://de###olor.net/index.php
- http://ro###olor.net/index.php
- http://jo###eel.net/index.php
- http://wi###eel.net/index.php
- http://se####beronly.net/index.php
- http://se####bercolor.net/index.php
- http://ha###nly.net/index.php
- http://wi###olor.net/index.php
- http://jo###nly.net/index.php
- http://jo###olor.net/index.php
- http://jo###igh.net/index.php
- http://wi###igh.net/index.php
- DNS ASK ha###ate.net
- DNS ASK ya###alf.net
- DNS ASK hu###late.net
- DNS ASK hu###guide.net
- DNS ASK ha###uide.net
- DNS ASK ya###uide.net
- DNS ASK mu###guide.net
- DNS ASK mu###name.net
- DNS ASK mu###half.net
- DNS ASK ya###ame.net
- DNS ASK ma###olor.net
- DNS ASK wr###only.net
- DNS ASK wr###color.net
- DNS ASK wr###high.net
- DNS ASK ma###igh.net
- DNS ASK hu###name.net
- DNS ASK ha###ame.net
- DNS ASK ha###alf.net
- DNS ASK ma###nly.net
- DNS ASK hu###half.net
- DNS ASK ya###ate.net
- DNS ASK fr###guide.net
- DNS ASK of###guide.net
- DNS ASK of###name.net
- DNS ASK of###half.net
- DNS ASK fr###name.net
- DNS ASK se####bername.net
- DNS ASK se####berguide.net
- DNS ASK se####berhalf.net
- DNS ASK fr###late.net
- DNS ASK of###late.net
- DNS ASK we###ame.net
- DNS ASK sp###name.net
- DNS ASK sp###half.net
- DNS ASK mu###late.net
- DNS ASK we###alf.net
- DNS ASK sp###late.net
- DNS ASK fr###half.net
- DNS ASK we###ate.net
- DNS ASK we###uide.net
- DNS ASK sp###guide.net
- DNS ASK ma###eel.net
- DNS ASK fr###only.net
- DNS ASK of###only.net
- DNS ASK of###color.net
- DNS ASK be##lxc.com
- DNS ASK fr###color.net
- DNS ASK se####berhigh.net
- DNS ASK ha###olor.net
- DNS ASK ha###igh.net
- DNS ASK ha###eel.net
- DNS ASK se####berfeel.net
- DNS ASK mi###hown.net
- DNS ASK ab###ell.net
- DNS ASK mo###ugust.net
- DNS ASK cr#####onaraminta.net
- DNS ASK le###form.net
- DNS ASK al###being.net
- DNS ASK ri###nstorm.net
- DNS ASK ca####nbring.net
- DNS ASK mo###olor.net
- DNS ASK pr####tbottom.net
- DNS ASK de###igh.net
- DNS ASK ro###igh.net
- DNS ASK ro###eel.net
- DNS ASK wi###nly.net
- DNS ASK de###eel.net
- DNS ASK ro###nly.net
- DNS ASK wr###feel.net
- DNS ASK de###nly.net
- DNS ASK de###olor.net
- DNS ASK ro###olor.net
- DNS ASK jo###eel.net
- DNS ASK wi###eel.net
- DNS ASK se####beronly.net
- DNS ASK se####bercolor.net
- DNS ASK ha###nly.net
- DNS ASK wi###olor.net
- DNS ASK jo###nly.net
- DNS ASK jo###olor.net
- DNS ASK jo###igh.net
- DNS ASK wi###igh.net
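- '23#.#55.255.250':1900 (port 1900 is the SSDP/UPnP discovery port, and the masked address is consistent with the SSDP multicast group 239.255.255.250; this is likely local-network discovery traffic rather than a remote host — confirm against the unmasked report)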