Technical Information
- [<HKLM>\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] 'Base NGEN Protection Encryption' = '<SYSTEM32>\vsnqyxlgj.exe'
- [<HKLM>\SYSTEM\ControlSet001\Services\Class Multimedia Protocol] 'Start' = '00000002'
- Windows Security Center
- '<SYSTEM32>\lwbvrkddqj.exe' "<SYSTEM32>\vsnqyxlgj.exe"
- '%WINDIR%\Temp\hw3ykd36lvukfp.exe' -r 22910 tcp
- '%TEMP%\hw3ykd2w2yukfpckiolzw.exe'
- '<SYSTEM32>\vsnqyxlgj.exe'
- <SYSTEM32>\cztwicaclpn\run
- <SYSTEM32>\cztwicaclpn\rng
- %WINDIR%\Temp\hw3ykd36lvukfp.exe
- <SYSTEM32>\cztwicaclpn\cfg
- <SYSTEM32>\lwbvrkddqj.exe
- %TEMP%\hw3ykd2w2yukfpckiolzw.exe
- <SYSTEM32>\cztwicaclpn\tst
- <SYSTEM32>\vsnqyxlgj.exe
- <SYSTEM32>\cztwicaclpn\etc
- <SYSTEM32>\lwbvrkddqj.exe
- <SYSTEM32>\vsnqyxlgj.exe
- %WINDIR%\Temp\hw3ykd36lvukfp.exe
- <DRIVERS>\etc\hosts
- %TEMP%\hw3ykd2w2yukfpckiolzw.exe
- 'na###ron.net':80
- 'dr###build.net':80
- 'we####daydeal.net':80
- 'dr###iron.net':80
- 'na###uild.net':80
- 'dr###deal.net':80
- 'na###eal.net':80
- 'dr###roll.net':80
- 'na###oll.net':80
- 'se###eal.net':80
- 'fo###deal.net':80
- 'se###ron.net':80
- 'fo###roll.net':80
- 'af###deal.net':80
- 'we####dayiron.net':80
- 'se###oll.net':80
- 'we####dayroll.net':80
- 'se###uild.net':80
- 'we####daybuild.net':80
- 'fi###shoe.net':80
- 'ga###oon.net':80
- 'bo###uter.net':80
- 'ga###ctober.net':80
- 'bo###oon.net':80
- 'ga###uter.net':80
- 'le####ctober.net':80
- 'fa###ctober.net':80
- 'le###shoe.net':80
- 'fa###hoe.net':80
- 'bo###ctober.net':80
- 'qu####ctober.net':80
- 'fi###moon.net':80
- 'qu###shoe.net':80
- 'fi####ctober.net':80
- 'qu###moon.net':80
- 'bo###hoe.net':80
- 'ga###hoe.net':80
- 'fi###outer.net':80
- 'qu###outer.net':80
- 'af###roll.net':80
- 'fa###ron.net':80
- 'le###build.net':80
- 'be##lxc.com':80
- 'le###iron.net':80
- 'fa###uild.net':80
- 'le###deal.net':80
- 'fa###eal.net':80
- 'le###roll.net':80
- 'fa###oll.net':80
- 'ri###nstorm.net':80
- 'mo###ugust.net':80
- 'mi###hown.net':80
- 'cr#####onaraminta.net':80
- 'le###form.net':80
- 'ab###ell.net':80
- 'ca####nbring.net':80
- 'al###being.net':80
- 'mo###olor.net':80
- 'pr####tbottom.net':80
- 'mo###iron.net':80
- 'we###oll.net':80
- 'st###deal.net':80
- 'we###uild.net':80
- 'st###roll.net':80
- 'we###eal.net':80
- 'af###build.net':80
- 'fo###build.net':80
- 'af###iron.net':80
- 'fo###iron.net':80
- 'st###build.net':80
- 'wa###uild.net':80
- 'mo###roll.net':80
- 'wa###ron.net':80
- 'mo###build.net':80
- 'wa###oll.net':80
- 'st###iron.net':80
- 'we###ron.net':80
- 'mo###deal.net':80
- 'wa###eal.net':80
- http://na###ron.net/index.php
- http://dr###build.net/index.php
- http://we####daydeal.net/index.php
- http://dr###iron.net/index.php
- http://na###uild.net/index.php
- http://dr###deal.net/index.php
- http://na###eal.net/index.php
- http://dr###roll.net/index.php
- http://na###oll.net/index.php
- http://se###eal.net/index.php
- http://fo###deal.net/index.php
- http://se###ron.net/index.php
- http://fo###roll.net/index.php
- http://af###deal.net/index.php
- http://we####dayiron.net/index.php
- http://se###oll.net/index.php
- http://we####dayroll.net/index.php
- http://se###uild.net/index.php
- http://we####daybuild.net/index.php
- http://fi###shoe.net/index.php
- http://ga###oon.net/index.php
- http://bo###uter.net/index.php
- http://ga###ctober.net/index.php
- http://bo###oon.net/index.php
- http://ga###uter.net/index.php
- http://le####ctober.net/index.php
- http://fa###ctober.net/index.php
- http://le###shoe.net/index.php
- http://fa###hoe.net/index.php
- http://bo###ctober.net/index.php
- http://qu####ctober.net/index.php
- http://fi###moon.net/index.php
- http://qu###shoe.net/index.php
- http://fi####ctober.net/index.php
- http://qu###moon.net/index.php
- http://bo###hoe.net/index.php
- http://ga###hoe.net/index.php
- http://fi###outer.net/index.php
- http://qu###outer.net/index.php
- http://af###roll.net/index.php
- http://fa###ron.net/index.php
- http://le###build.net/index.php
- http://be##lxc.com/index.php
- http://le###iron.net/index.php
- http://fa###uild.net/index.php
- http://le###deal.net/index.php
- http://fa###eal.net/index.php
- http://le###roll.net/index.php
- http://fa###oll.net/index.php
- http://ri###nstorm.net/index.php
- http://mo###ugust.net/index.php
- http://mi###hown.net/index.php
- http://cr#####onaraminta.net/index.php
- http://le###form.net/index.php
- http://ab###ell.net/index.php
- http://ca####nbring.net/index.php
- http://al###being.net/index.php
- http://mo###olor.net/index.php
- http://pr####tbottom.net/index.php
- http://mo###iron.net/index.php
- http://we###oll.net/index.php
- http://st###deal.net/index.php
- http://we###uild.net/index.php
- http://st###roll.net/index.php
- http://we###eal.net/index.php
- http://af###build.net/index.php
- http://fo###build.net/index.php
- http://af###iron.net/index.php
- http://fo###iron.net/index.php
- http://st###build.net/index.php
- http://wa###uild.net/index.php
- http://mo###roll.net/index.php
- http://wa###ron.net/index.php
- http://mo###build.net/index.php
- http://wa###oll.net/index.php
- http://st###iron.net/index.php
- http://we###ron.net/index.php
- http://mo###deal.net/index.php
- http://wa###eal.net/index.php
- DNS ASK dr###build.net
- DNS ASK na###uild.net
- DNS ASK na###ron.net
- DNS ASK we####daydeal.net
- DNS ASK dr###iron.net
- DNS ASK na###eal.net
- DNS ASK fi###shoe.net
- DNS ASK dr###deal.net
- DNS ASK dr###roll.net
- DNS ASK na###oll.net
- DNS ASK se###ron.net
- DNS ASK we####dayiron.net
- DNS ASK fo###deal.net
- DNS ASK fo###roll.net
- DNS ASK af###deal.net
- DNS ASK we####dayroll.net
- DNS ASK se###eal.net
- DNS ASK se###oll.net
- DNS ASK se###uild.net
- DNS ASK we####daybuild.net
- DNS ASK bo###uter.net
- DNS ASK ga###uter.net
- DNS ASK ga###oon.net
- DNS ASK ga###ctober.net
- DNS ASK bo###oon.net
- DNS ASK fa###ctober.net
- DNS ASK le###moon.net
- DNS ASK le####ctober.net
- DNS ASK le###shoe.net
- DNS ASK fa###hoe.net
- DNS ASK fi###moon.net
- DNS ASK qu###moon.net
- DNS ASK qu####ctober.net
- DNS ASK qu###shoe.net
- DNS ASK fi####ctober.net
- DNS ASK ga###hoe.net
- DNS ASK bo###ctober.net
- DNS ASK bo###hoe.net
- DNS ASK fi###outer.net
- DNS ASK qu###outer.net
- DNS ASK af###roll.net
- DNS ASK fa###ron.net
- DNS ASK le###build.net
- DNS ASK be##lxc.com
- DNS ASK le###iron.net
- DNS ASK fa###uild.net
- DNS ASK le###deal.net
- DNS ASK fa###eal.net
- DNS ASK le###roll.net
- DNS ASK fa###oll.net
- DNS ASK ri###nstorm.net
- DNS ASK mo###ugust.net
- DNS ASK mi###hown.net
- DNS ASK cr#####onaraminta.net
- DNS ASK le###form.net
- DNS ASK ab###ell.net
- DNS ASK ca####nbring.net
- DNS ASK al###being.net
- DNS ASK mo###olor.net
- DNS ASK pr####tbottom.net
- DNS ASK mo###iron.net
- DNS ASK we###oll.net
- DNS ASK st###deal.net
- DNS ASK we###uild.net
- DNS ASK st###roll.net
- DNS ASK we###eal.net
- DNS ASK af###build.net
- DNS ASK fo###build.net
- DNS ASK af###iron.net
- DNS ASK fo###iron.net
- DNS ASK st###build.net
- DNS ASK wa###uild.net
- DNS ASK mo###roll.net
- DNS ASK wa###ron.net
- DNS ASK mo###build.net
- DNS ASK wa###oll.net
- DNS ASK st###iron.net
- DNS ASK we###ron.net
- DNS ASK mo###deal.net
- DNS ASK wa###eal.net
- '23#.#55.255.250':1900