Technical Information
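- [<HKLM>\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] 'Base Time Quality Topology' = '<SYSTEM32>\qodnfdpu.exe' (autorun entry: the executable is launched at every logon)
- [<HKLM>\SYSTEM\ControlSet001\Services\Web Mapper Adapter Assistant Log Input] 'ImagePath' = '<SYSTEM32>\qodnfdpu.exe' (the same executable is also registered as a service)
- [<HKLM>\SYSTEM\ControlSet001\Services\Web Mapper Adapter Assistant Log Input] 'Start' = '00000002' (Start = 2 means the service starts automatically at boot)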
- Windows Security Center
- '<SYSTEM32>\gtmrrxydh.exe' "<SYSTEM32>\qodnfdpu.exe"
- '%WINDIR%\Temp\rldeuwzg2lirhnimk.exe' -r 37198 tcp
- '%TEMP%\rldeuwzg2h1qhnimklp77wry.exe'
- '<SYSTEM32>\qodnfdpu.exe'
- <SYSTEM32>\dfzajqaxobxy\run
- <SYSTEM32>\dfzajqaxobxy\rng
- %WINDIR%\Temp\rldeuwzg2lirhnimk.exe
- <SYSTEM32>\dfzajqaxobxy\cfg
- <SYSTEM32>\gtmrrxydh.exe
- %TEMP%\rldeuwzg2h1qhnimklp77wry.exe
- <SYSTEM32>\dfzajqaxobxy\tst
- <SYSTEM32>\qodnfdpu.exe
- <SYSTEM32>\dfzajqaxobxy\etc
- <SYSTEM32>\gtmrrxydh.exe
- <SYSTEM32>\qodnfdpu.exe
- %WINDIR%\Temp\rldeuwzg2lirhnimk.exe
- <DRIVERS>\etc\hosts
- %TEMP%\rldeuwzg2h1qhnimklp77wry.exe
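- 'mo###child.net':80 (here and in the lists below, '#' marks masked characters and is not part of the hostname, so these entries cannot be used as-is in a block list)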
- 'wa###hild.net':80
- 'mo###about.net':80
- 'wa###bout.net':80
- 'mo###into.net':80
- 'wa###lace.net':80
- 'st###about.net':80
- 'wa###nto.net':80
- 'mo###place.net':80
- 'fa###lace.net':80
- 'le###about.net':80
- 'fa###bout.net':80
- 'bo###lace.net':80
- 'ga###lace.net':80
- 'le###child.net':80
- 'fa###nto.net':80
- 'le###place.net':80
- 'fa###hild.net':80
- 'le###into.net':80
- 'we###bout.net':80
- 'af###place.net':80
- 'fo###place.net':80
- 'af###into.net':80
- 'fo###into.net':80
- 'se###bout.net':80
- 'we####daychild.net':80
- 'se###nto.net':80
- 'we####dayabout.net':80
- 'se###hild.net':80
- 'fo###child.net':80
- 'st###into.net':80
- 'we###nto.net':80
- 'st###child.net':80
- 'we###hild.net':80
- 'st###place.net':80
- 'fo###about.net':80
- 'af###child.net':80
- 'we###lace.net':80
- 'af###about.net':80
- 'we#####aytomorrow.net':80
- 'se###ide.net':80
- 'be##lxc.com':80
- 'se####morrow.net':80
- 'we####daywide.net':80
- 'dr###lower.net':80
- 'na###ower.net':80
- 'se###iss.net':80
- 'we####daykiss.net':80
- 'ri###nstorm.net':80
- 'mo###ugust.net':80
- 'mi###hown.net':80
- 'cr#####onaraminta.net':80
- 'le###form.net':80
- 'ab###ell.net':80
- 'ca####nbring.net':80
- 'al###being.net':80
- 'mo###olor.net':80
- 'pr####tbottom.net':80
- 'dr####omorrow.net':80
- 'qu###place.net':80
- 'bo###bout.net':80
- 'qu###into.net':80
- 'fi###place.net':80
- 'ga###bout.net':80
- 'bo###nto.net':80
- 'ga###nto.net':80
- 'bo###hild.net':80
- 'ga###hild.net':80
- 'fi###into.net':80
- 'na###ide.net':80
- 'dr###kiss.net':80
- 'na####morrow.net':80
- 'dr###wide.net':80
- 'na###iss.net':80
- 'fi###child.net':80
- 'qu###child.net':80
- 'fi###about.net':80
- 'qu###about.net':80
- http://mo###child.net/index.php
- http://wa###hild.net/index.php
- http://mo###about.net/index.php
- http://wa###bout.net/index.php
- http://mo###into.net/index.php
- http://wa###lace.net/index.php
- http://st###about.net/index.php
- http://wa###nto.net/index.php
- http://mo###place.net/index.php
- http://fa###lace.net/index.php
- http://le###about.net/index.php
- http://fa###bout.net/index.php
- http://bo###lace.net/index.php
- http://ga###lace.net/index.php
- http://le###child.net/index.php
- http://fa###nto.net/index.php
- http://le###place.net/index.php
- http://fa###hild.net/index.php
- http://le###into.net/index.php
- http://we###bout.net/index.php
- http://af###place.net/index.php
- http://fo###place.net/index.php
- http://af###into.net/index.php
- http://fo###into.net/index.php
- http://se###bout.net/index.php
- http://we####daychild.net/index.php
- http://se###nto.net/index.php
- http://we####dayabout.net/index.php
- http://se###hild.net/index.php
- http://fo###child.net/index.php
- http://st###into.net/index.php
- http://we###nto.net/index.php
- http://st###child.net/index.php
- http://we###hild.net/index.php
- http://st###place.net/index.php
- http://fo###about.net/index.php
- http://af###child.net/index.php
- http://we###lace.net/index.php
- http://af###about.net/index.php
- http://we#####aytomorrow.net/index.php
- http://se###ide.net/index.php
- http://be##lxc.com/index.php
- http://se####morrow.net/index.php
- http://we####daywide.net/index.php
- http://dr###lower.net/index.php
- http://na###ower.net/index.php
- http://se###iss.net/index.php
- http://we####daykiss.net/index.php
- http://ri###nstorm.net/index.php
- http://mo###ugust.net/index.php
- http://mi###hown.net/index.php
- http://cr#####onaraminta.net/index.php
- http://le###form.net/index.php
- http://ab###ell.net/index.php
- http://ca####nbring.net/index.php
- http://al###being.net/index.php
- http://mo###olor.net/index.php
- http://pr####tbottom.net/index.php
- http://dr####omorrow.net/index.php
- http://qu###place.net/index.php
- http://bo###bout.net/index.php
- http://qu###into.net/index.php
- http://fi###place.net/index.php
- http://ga###bout.net/index.php
- http://bo###nto.net/index.php
- http://ga###nto.net/index.php
- http://bo###hild.net/index.php
- http://ga###hild.net/index.php
- http://fi###into.net/index.php
- http://na###ide.net/index.php
- http://dr###kiss.net/index.php
- http://na####morrow.net/index.php
- http://dr###wide.net/index.php
- http://na###iss.net/index.php
- http://fi###child.net/index.php
- http://qu###child.net/index.php
- http://fi###about.net/index.php
- http://qu###about.net/index.php
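- DNS ASK wa###hild.net (this and the following lookups are for largely the same hosts as the connection and URL lists above; many lookups for word-pair .net names, each followed by an HTTP request for /index.php on port 80, is consistent with a domain generation algorithm, so the pattern as a whole is a more durable detection signal than any single name)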
- DNS ASK mo###into.net
- DNS ASK mo###child.net
- DNS ASK mo###about.net
- DNS ASK wa###bout.net
- DNS ASK st###about.net
- DNS ASK we###bout.net
- DNS ASK wa###lace.net
- DNS ASK wa###nto.net
- DNS ASK mo###place.net
- DNS ASK fa###bout.net
- DNS ASK le###child.net
- DNS ASK le###about.net
- DNS ASK bo###lace.net
- DNS ASK ga###lace.net
- DNS ASK le###place.net
- DNS ASK fa###lace.net
- DNS ASK fa###nto.net
- DNS ASK fa###hild.net
- DNS ASK le###into.net
- DNS ASK fo###place.net
- DNS ASK se###bout.net
- DNS ASK af###place.net
- DNS ASK af###into.net
- DNS ASK fo###into.net
- DNS ASK se###nto.net
- DNS ASK we####dayinto.net
- DNS ASK we####daychild.net
- DNS ASK we####dayabout.net
- DNS ASK se###hild.net
- DNS ASK we###nto.net
- DNS ASK st###place.net
- DNS ASK st###into.net
- DNS ASK st###child.net
- DNS ASK we###hild.net
- DNS ASK af###child.net
- DNS ASK fo###child.net
- DNS ASK fo###about.net
- DNS ASK we###lace.net
- DNS ASK af###about.net
- DNS ASK we#####aytomorrow.net
- DNS ASK se###ide.net
- DNS ASK be##lxc.com
- DNS ASK se####morrow.net
- DNS ASK we####daywide.net
- DNS ASK dr###lower.net
- DNS ASK na###ower.net
- DNS ASK se###iss.net
- DNS ASK we####daykiss.net
- DNS ASK ri###nstorm.net
- DNS ASK mo###ugust.net
- DNS ASK mi###hown.net
- DNS ASK cr#####onaraminta.net
- DNS ASK le###form.net
- DNS ASK ab###ell.net
- DNS ASK ca####nbring.net
- DNS ASK al###being.net
- DNS ASK mo###olor.net
- DNS ASK pr####tbottom.net
- DNS ASK dr####omorrow.net
- DNS ASK qu###place.net
- DNS ASK bo###bout.net
- DNS ASK qu###into.net
- DNS ASK fi###place.net
- DNS ASK ga###bout.net
- DNS ASK bo###nto.net
- DNS ASK ga###nto.net
- DNS ASK bo###hild.net
- DNS ASK ga###hild.net
- DNS ASK fi###into.net
- DNS ASK na###ide.net
- DNS ASK dr###kiss.net
- DNS ASK na####morrow.net
- DNS ASK dr###wide.net
- DNS ASK na###iss.net
- DNS ASK fi###child.net
- DNS ASK qu###child.net
- DNS ASK fi###about.net
- DNS ASK qu###about.net
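- '23#.#55.255.250':1900 (port 1900 is the SSDP/UPnP discovery port, and the masked address is consistent with the SSDP multicast group 239.255.255.250, which would make this local-network discovery traffic rather than a connection to a remote server; confirm against an unmasked report)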