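Technical Information
Note: this list appears to have lost its group headings. In order, it shows registry values (a Run autostart entry and a service definition), a bare 'Windows Security Center' entry, quoted command lines, file paths (some repeated, probably because they belonged to separate lists whose headings are missing), host:port connections, HTTP request URLs, DNS queries, and one connection to port 1900. Host names and the final address are partly masked with '#', so they cannot be used as exact-match indicators.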
- [<HKLM>\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] 'AuthIP Web Endpoint Power Health' = '<SYSTEM32>\dzcajowlr.exe'
- [<HKLM>\SYSTEM\ControlSet001\Services\Name System Initiator Card ActiveX Identity] 'ImagePath' = '<SYSTEM32>\dzcajowlr.exe'
- [<HKLM>\SYSTEM\ControlSet001\Services\Name System Initiator Card ActiveX Identity] 'Start' = '00000002' (service start type 2: the service is started automatically at boot)
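- Windows Security Center (listed without its heading; presumably a system feature the sample blocks or disables; confirm against the original report)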
- '<SYSTEM32>\mwaccxwkjh.exe' "<SYSTEM32>\dzcajowlr.exe"
- '%WINDIR%\Temp\q8fmwuq3gkutstvm.exe' -r 36668 tcp
- '%TEMP%\q8fmwuqpr38bctvmizbkz5.exe'
- '<SYSTEM32>\dzcajowlr.exe'
- <SYSTEM32>\qtdhcpu\run
- <SYSTEM32>\qtdhcpu\rng
- %WINDIR%\Temp\q8fmwuq3gkutstvm.exe
- <SYSTEM32>\qtdhcpu\cfg
- %TEMP%\q8fmwuqpr38bctvmizbkz5.exe
- <SYSTEM32>\qtdhcpu\tst
- <SYSTEM32>\mwaccxwkjh.exe
- <SYSTEM32>\dzcajowlr.exe
- <SYSTEM32>\mwaccxwkjh.exe
- <SYSTEM32>\dzcajowlr.exe
- %WINDIR%\Temp\q8fmwuq3gkutstvm.exe
- %TEMP%\q8fmwuqpr38bctvmizbkz5.exe
- 'th###gold.net':80
- 'li###old.net':80
- 'th###grain.net':80
- 'li###rain.net':80
- 'fe###ome.net':80
- 'we###ver.net':80
- 'fe###rain.net':80
- 'we###ome.net':80
- 'fe###ver.net':80
- 'li###ver.net':80
- 'so###grain.net':80
- 'fi###grain.net':80
- 'so###over.net':80
- 'fi###over.net':80
- 'so###gold.net':80
- 'li###ome.net':80
- 'th###over.net':80
- 'fi###gold.net':80
- 'th###home.net':80
- 'ca###ome.net':80
- 'po###over.net':80
- 'le###old.net':80
- 'po###home.net':80
- 'ca###ver.net':80
- 'po###gold.net':80
- 'ca###old.net':80
- 'po###grain.net':80
- 'ca###rain.net':80
- 'ta###gold.net':80
- 'we###old.net':80
- 'ta###home.net':80
- 'we###rain.net':80
- 'fe###old.net':80
- 'le###ome.net':80
- 'ta###grain.net':80
- 'le###rain.net':80
- 'ta###over.net':80
- 'le###ver.net':80
- 'fi###home.net':80
- 'ca###ift.net':80
- 'po####uesday.net':80
- 'ef###tbuilt.net':80
- 'th###while.net':80
- 'ca###uesday.net':80
- 'no###ouse.net':80
- 'li###ouse.net':80
- 'po###peace.net':80
- 'ca###eace.net':80
- 'ri###nstorm.net':80
- 'de####promise.net':80
- 'se####strong.net':80
- 'or###thrown.net':80
- 'jo####ymeasure.net':80
- 'si######edwerryhouse.net':80
- 'gw#####ynhuddleston.net':80
- 'of####urprise.net':80
- 'mo####gduring.net':80
- 'ch####nother.net':80
- 'ri###ift.net':80
- 'fa###gift.net':80
- 'ri###ouse.net':80
- 'fa###house.net':80
- 'ri###uesday.net':80
- 'fa###peace.net':80
- 'so###home.net':80
- 'fa####uesday.net':80
- 'ri###eace.net':80
- 'we###eace.net':80
- 'no###uesday.net':80
- 'li###uesday.net':80
- 'no###ift.net':80
- 'li###ift.net':80
- 'no###eace.net':80
- 'we###ift.net':80
- 'we###uesday.net':80
- 'li###eace.net':80
- 'we###ouse.net':80
- http://th###gold.net/index.php
- http://li###old.net/index.php
- http://th###grain.net/index.php
- http://li###rain.net/index.php
- http://fe###ome.net/index.php
- http://we###ver.net/index.php
- http://fe###rain.net/index.php
- http://we###ome.net/index.php
- http://fe###ver.net/index.php
- http://li###ver.net/index.php
- http://so###grain.net/index.php
- http://fi###grain.net/index.php
- http://so###over.net/index.php
- http://fi###over.net/index.php
- http://so###gold.net/index.php
- http://li###ome.net/index.php
- http://th###over.net/index.php
- http://fi###gold.net/index.php
- http://th###home.net/index.php
- http://ca###ome.net/index.php
- http://po###over.net/index.php
- http://le###old.net/index.php
- http://po###home.net/index.php
- http://ca###ver.net/index.php
- http://po###gold.net/index.php
- http://ca###old.net/index.php
- http://po###grain.net/index.php
- http://ca###rain.net/index.php
- http://ta###gold.net/index.php
- http://we###old.net/index.php
- http://ta###home.net/index.php
- http://we###rain.net/index.php
- http://fe###old.net/index.php
- http://le###ome.net/index.php
- http://ta###grain.net/index.php
- http://le###rain.net/index.php
- http://ta###over.net/index.php
- http://le###ver.net/index.php
- http://fi###home.net/index.php
- http://ca###ift.net/index.php
- http://po####uesday.net/index.php
- http://ef###tbuilt.net/index.php
- http://th###while.net/index.php
- http://ca###uesday.net/index.php
- http://no###ouse.net/index.php
- http://li###ouse.net/index.php
- http://po###peace.net/index.php
- http://ca###eace.net/index.php
- http://ri###nstorm.net/index.php
- http://de####promise.net/index.php
- http://se####strong.net/index.php
- http://or###thrown.net/index.php
- http://jo####ymeasure.net/index.php
- http://si######edwerryhouse.net/index.php
- http://gw#####ynhuddleston.net/index.php
- http://of####urprise.net/index.php
- http://mo####gduring.net/index.php
- http://ch####nother.net/index.php
- http://ri###ift.net/index.php
- http://fa###gift.net/index.php
- http://ri###ouse.net/index.php
- http://fa###house.net/index.php
- http://ri###uesday.net/index.php
- http://fa###peace.net/index.php
- http://so###home.net/index.php
- http://fa####uesday.net/index.php
- http://ri###eace.net/index.php
- http://we###eace.net/index.php
- http://no###uesday.net/index.php
- http://li###uesday.net/index.php
- http://no###ift.net/index.php
- http://li###ift.net/index.php
- http://no###eace.net/index.php
- http://we###ift.net/index.php
- http://we###uesday.net/index.php
- http://li###eace.net/index.php
- http://we###ouse.net/index.php
- DNS ASK li###rain.net
- DNS ASK th###gold.net
- DNS ASK li###ver.net
- DNS ASK th###grain.net
- DNS ASK li###old.net
- DNS ASK fe###ver.net
- DNS ASK we###ver.net
- DNS ASK fe###ome.net
- DNS ASK we###ome.net
- DNS ASK th###over.net
- DNS ASK fi###over.net
- DNS ASK so###grain.net
- DNS ASK fi###home.net
- DNS ASK so###over.net
- DNS ASK fi###grain.net
- DNS ASK th###home.net
- DNS ASK li###ome.net
- DNS ASK so###gold.net
- DNS ASK fi###gold.net
- DNS ASK fe###rain.net
- DNS ASK ca###ome.net
- DNS ASK po###over.net
- DNS ASK le###old.net
- DNS ASK po###home.net
- DNS ASK ca###ver.net
- DNS ASK po###gold.net
- DNS ASK ca###old.net
- DNS ASK po###grain.net
- DNS ASK ca###rain.net
- DNS ASK ta###gold.net
- DNS ASK we###old.net
- DNS ASK ta###home.net
- DNS ASK we###rain.net
- DNS ASK fe###old.net
- DNS ASK le###ome.net
- DNS ASK ta###grain.net
- DNS ASK le###rain.net
- DNS ASK ta###over.net
- DNS ASK le###ver.net
- DNS ASK ca###ift.net
- DNS ASK po####uesday.net
- DNS ASK ef###tbuilt.net
- DNS ASK th###while.net
- DNS ASK ca###uesday.net
- DNS ASK no###ouse.net
- DNS ASK li###ouse.net
- DNS ASK po###peace.net
- DNS ASK ca###eace.net
- DNS ASK ri###nstorm.net
- DNS ASK de####promise.net
- DNS ASK se####strong.net
- DNS ASK or###thrown.net
- DNS ASK jo####ymeasure.net
- DNS ASK si######edwerryhouse.net
- DNS ASK gw#####ynhuddleston.net
- DNS ASK of####urprise.net
- DNS ASK mo####gduring.net
- DNS ASK ch####nother.net
- DNS ASK ri###ift.net
- DNS ASK fa###gift.net
- DNS ASK ri###ouse.net
- DNS ASK fa###house.net
- DNS ASK ri###uesday.net
- DNS ASK fa###peace.net
- DNS ASK so###home.net
- DNS ASK fa####uesday.net
- DNS ASK ri###eace.net
- DNS ASK we###eace.net
- DNS ASK no###uesday.net
- DNS ASK li###uesday.net
- DNS ASK no###ift.net
- DNS ASK li###ift.net
- DNS ASK no###eace.net
- DNS ASK we###ift.net
- DNS ASK we###uesday.net
- DNS ASK li###eace.net
- DNS ASK we###ouse.net
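- '23#.#55.255.250':1900 (port 1900 is the SSDP/UPnP discovery port; the masked address is consistent with the SSDP multicast group, but the masking prevents confirming this)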