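Technical Information
(The sub-headings of the original report are missing from this listing, so what was done with each entry is not always stated. The '#' characters in host names and addresses appear to be masking applied by the report, not part of the real values.)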
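Registry changes (autorun entry and service registration; both point to the same executable, and a service 'Start' value of 2 means automatic start at boot):
- [<HKLM>\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] 'Bluetooth Grouping Scheduler' = '<SYSTEM32>\betzysn.exe'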
- [<HKLM>\SYSTEM\ControlSet001\Services\Software HomeGroup Log Mapper] 'ImagePath' = '<SYSTEM32>\betzysn.exe'
- [<HKLM>\SYSTEM\ControlSet001\Services\Software HomeGroup Log Mapper] 'Start' = '00000002'
- Windows Security Center
Processes launched (with command lines as recorded):
- '<SYSTEM32>\yuujcnndqtw.exe' "<SYSTEM32>\betzysn.exe"
- '%WINDIR%\Temp\xoc6s72tgszk4j.exe' -r 24734 tcp
- '%TEMP%\xoc6s72n6nzk4jskorjbx.exe'
- '<SYSTEM32>\betzysn.exe'
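File system activity (the sub-headings that presumably distinguished created, modified and deleted files are missing, which is why some paths repeat):
- <SYSTEM32>\tswbrnxlmr\run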
- <SYSTEM32>\tswbrnxlmr\rng
- %WINDIR%\Temp\xoc6s72tgszk4j.exe
- <SYSTEM32>\tswbrnxlmr\cfg
- <SYSTEM32>\yuujcnndqtw.exe
- %TEMP%\xoc6s72n6nzk4jskorjbx.exe
- <SYSTEM32>\tswbrnxlmr\tst
- <SYSTEM32>\betzysn.exe
- <SYSTEM32>\tswbrnxlmr\etc
- <SYSTEM32>\yuujcnndqtw.exe
- <SYSTEM32>\betzysn.exe
- %WINDIR%\Temp\xoc6s72tgszk4j.exe
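- <DRIVERS>\etc\hosts (the system hosts file; the listing does not say how it was touched, so its contents should be reviewed on an affected machine)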
- %TEMP%\xoc6s72n6nzk4jskorjbx.exe
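Network activity: TCP connections (host:port). The many names built from a small set of recurring word fragments are consistent with algorithmically generated domains, so detection is better keyed on the behaviour than on individual names:
- 'jo###ift.net':80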
- 'wi###ift.net':80
- 'wi###ouse.net':80
- 'se####berpeace.net':80
- 'jo###ouse.net':80
- 'wi###eace.net':80
- 'de###ouse.net':80
- 'jo###eace.net':80
- 'jo###uesday.net':80
- 'wi###uesday.net':80
- 'se#####ertuesday.net':80
- 'of###gift.net':80
- 'fr####uesday.net':80
- 'fr###gift.net':80
- 'fr###house.net':80
- 'of###house.net':80
- 'se####berhouse.net':80
- 'se####bergift.net':80
- 'of###peace.net':80
- 'of####uesday.net':80
- 'fr###peace.net':80
- 'ma###eace.net':80
- 'hu###home.net':80
- 'wr###peace.net':80
- 'wr####uesday.net':80
- 'ma###uesday.net':80
- 'hu###grain.net':80
- 'ha###rain.net':80
- 'ha###ver.net':80
- 'ha###ome.net':80
- 'hu###over.net':80
- 'ma###ift.net':80
- 'de###uesday.net':80
- 'ro###uesday.net':80
- 'ro###ift.net':80
- 'ro###ouse.net':80
- 'de###ift.net':80
- 'ma###ouse.net':80
- 'wr###gift.net':80
- 'wr###house.net':80
- 'de###eace.net':80
- 'ro###eace.net':80
- 'sp###peace.net':80
- 'ma###ine.net':80
- 'wr###live.net':80
- 'wr###mine.net':80
- 'th###while.net':80
- 'ma###ello.net':80
- 'hu###house.net':80
- 'ha###ouse.net':80
- 'ma###erve.net':80
- 'ma###ive.net':80
- 'wr###serve.net':80
- 'ef###tbuilt.net':80
- 'se####strong.net':80
- 'si######edwerryhouse.net':80
- 'de####promise.net':80
- 'or###thrown.net':80
- 'jo####ymeasure.net':80
- 'of####urprise.net':80
- 'ri###nstorm.net':80
- 'gw#####ynhuddleston.net':80
- 'mo####gduring.net':80
- 'ch####nother.net':80
- 'we###ouse.net':80
- 'sp###house.net':80
- 'mu###peace.net':80
- 'mu####uesday.net':80
- 'ya###eace.net':80
- 'sp####uesday.net':80
- 'we###eace.net':80
- 'we###uesday.net':80
- 'we###ift.net':80
- 'sp###gift.net':80
- 'ya###uesday.net':80
- 'ha###uesday.net':80
- 'hu###peace.net':80
- 'hu####uesday.net':80
- 'hu###gift.net':80
- 'ha###ift.net':80
- 'ya###ift.net':80
- 'mu###gift.net':80
- 'mu###house.net':80
- 'ha###eace.net':80
- 'ya###ouse.net':80
Network activity: HTTP requests (every request targets /index.php on port 80, unencrypted):
- http://jo###ift.net/index.php
- http://wi###ift.net/index.php
- http://wi###ouse.net/index.php
- http://se####berpeace.net/index.php
- http://jo###ouse.net/index.php
- http://wi###eace.net/index.php
- http://de###ouse.net/index.php
- http://jo###eace.net/index.php
- http://jo###uesday.net/index.php
- http://wi###uesday.net/index.php
- http://se#####ertuesday.net/index.php
- http://of###gift.net/index.php
- http://fr####uesday.net/index.php
- http://fr###gift.net/index.php
- http://fr###house.net/index.php
- http://of###house.net/index.php
- http://se####berhouse.net/index.php
- http://se####bergift.net/index.php
- http://of###peace.net/index.php
- http://of####uesday.net/index.php
- http://fr###peace.net/index.php
- http://ma###eace.net/index.php
- http://hu###home.net/index.php
- http://wr###peace.net/index.php
- http://wr####uesday.net/index.php
- http://ma###uesday.net/index.php
- http://hu###grain.net/index.php
- http://ha###rain.net/index.php
- http://ha###ver.net/index.php
- http://ha###ome.net/index.php
- http://hu###over.net/index.php
- http://ma###ift.net/index.php
- http://de###uesday.net/index.php
- http://ro###uesday.net/index.php
- http://ro###ift.net/index.php
- http://ro###ouse.net/index.php
- http://de###ift.net/index.php
- http://ma###ouse.net/index.php
- http://wr###gift.net/index.php
- http://wr###house.net/index.php
- http://de###eace.net/index.php
- http://ro###eace.net/index.php
- http://sp###peace.net/index.php
- http://ma###ine.net/index.php
- http://wr###live.net/index.php
- http://wr###mine.net/index.php
- http://th###while.net/index.php
- http://ma###ello.net/index.php
- http://hu###house.net/index.php
- http://ha###ouse.net/index.php
- http://ma###erve.net/index.php
- http://ma###ive.net/index.php
- http://wr###serve.net/index.php
- http://ef###tbuilt.net/index.php
- http://se####strong.net/index.php
- http://si######edwerryhouse.net/index.php
- http://de####promise.net/index.php
- http://or###thrown.net/index.php
- http://jo####ymeasure.net/index.php
- http://of####urprise.net/index.php
- http://ri###nstorm.net/index.php
- http://gw#####ynhuddleston.net/index.php
- http://mo####gduring.net/index.php
- http://ch####nother.net/index.php
- http://we###ouse.net/index.php
- http://sp###house.net/index.php
- http://mu###peace.net/index.php
- http://mu####uesday.net/index.php
- http://ya###eace.net/index.php
- http://sp####uesday.net/index.php
- http://we###eace.net/index.php
- http://we###uesday.net/index.php
- http://we###ift.net/index.php
- http://sp###gift.net/index.php
- http://ya###uesday.net/index.php
- http://ha###uesday.net/index.php
- http://hu###peace.net/index.php
- http://hu####uesday.net/index.php
- http://hu###gift.net/index.php
- http://ha###ift.net/index.php
- http://ya###ift.net/index.php
- http://mu###gift.net/index.php
- http://mu###house.net/index.php
- http://ha###eace.net/index.php
- http://ya###ouse.net/index.php
Network activity: DNS queries:
- DNS ASK jo###ift.net
- DNS ASK wi###ift.net
- DNS ASK wi###ouse.net
- DNS ASK se####berpeace.net
- DNS ASK jo###ouse.net
- DNS ASK wi###eace.net
- DNS ASK de###ouse.net
- DNS ASK jo###eace.net
- DNS ASK jo###uesday.net
- DNS ASK wi###uesday.net
- DNS ASK se#####ertuesday.net
- DNS ASK of###gift.net
- DNS ASK fr####uesday.net
- DNS ASK fr###gift.net
- DNS ASK fr###house.net
- DNS ASK of###house.net
- DNS ASK se####berhouse.net
- DNS ASK se####bergift.net
- DNS ASK of###peace.net
- DNS ASK of####uesday.net
- DNS ASK fr###peace.net
- DNS ASK ro###ouse.net
- DNS ASK hu###home.net
- DNS ASK ha###ome.net
- DNS ASK ma###eace.net
- DNS ASK ma###uesday.net
- DNS ASK wr###peace.net
- DNS ASK ha###rain.net
- DNS ASK hu###gold.net
- DNS ASK hu###grain.net
- DNS ASK hu###over.net
- DNS ASK ha###ver.net
- DNS ASK wr####uesday.net
- DNS ASK ro###uesday.net
- DNS ASK de###eace.net
- DNS ASK de###uesday.net
- DNS ASK de###ift.net
- DNS ASK ro###ift.net
- DNS ASK wr###gift.net
- DNS ASK ma###ift.net
- DNS ASK ma###ouse.net
- DNS ASK ro###eace.net
- DNS ASK wr###house.net
- DNS ASK sp###peace.net
- DNS ASK ma###ine.net
- DNS ASK wr###live.net
- DNS ASK wr###mine.net
- DNS ASK th###while.net
- DNS ASK ma###ello.net
- DNS ASK hu###house.net
- DNS ASK ha###ouse.net
- DNS ASK ma###erve.net
- DNS ASK ma###ive.net
- DNS ASK wr###serve.net
- DNS ASK ef###tbuilt.net
- DNS ASK se####strong.net
- DNS ASK si######edwerryhouse.net
- DNS ASK de####promise.net
- DNS ASK or###thrown.net
- DNS ASK jo####ymeasure.net
- DNS ASK of####urprise.net
- DNS ASK ri###nstorm.net
- DNS ASK gw#####ynhuddleston.net
- DNS ASK mo####gduring.net
- DNS ASK ch####nother.net
- DNS ASK we###ouse.net
- DNS ASK sp###house.net
- DNS ASK mu###peace.net
- DNS ASK mu####uesday.net
- DNS ASK ya###eace.net
- DNS ASK sp####uesday.net
- DNS ASK we###eace.net
- DNS ASK we###uesday.net
- DNS ASK we###ift.net
- DNS ASK sp###gift.net
- DNS ASK ya###uesday.net
- DNS ASK ha###uesday.net
- DNS ASK hu###peace.net
- DNS ASK hu####uesday.net
- DNS ASK hu###gift.net
- DNS ASK ha###ift.net
- DNS ASK ya###ift.net
- DNS ASK mu###gift.net
- DNS ASK mu###house.net
- DNS ASK ha###eace.net
- DNS ASK ya###ouse.net
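Other traffic (the protocol heading is missing; port 1900 is the port normally used by SSDP/UPnP discovery, so this is presumably UDP):
- '23#.#55.255.250':1900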