Technical Information
- [<HKLM>\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] 'Connection TCP/IP Media Coordinator' = '<SYSTEM32>\heaelwhlv.exe'
- [<HKLM>\SYSTEM\ControlSet001\Services\ActiveX Machine Config Locator Socket Call] 'Start' = '00000002'
- Windows Security Center
- '<SYSTEM32>\yskawbweve.exe' "<SYSTEM32>\heaelwhlv.exe"
- '%WINDIR%\Temp\b3tv4hn3au7rwksh.exe' -r 49366 tcp
- '%TEMP%\b3tv4hn36e2rwkshrzs39e.exe'
- '<SYSTEM32>\heaelwhlv.exe'
- <SYSTEM32>\smoanvaxxpv\run
- <SYSTEM32>\smoanvaxxpv\rng
- %WINDIR%\Temp\b3tv4hn3au7rwksh.exe
- <SYSTEM32>\smoanvaxxpv\cfg
- <SYSTEM32>\yskawbweve.exe
- %TEMP%\b3tv4hn36e2rwkshrzs39e.exe
- <SYSTEM32>\smoanvaxxpv\tst
- <SYSTEM32>\heaelwhlv.exe
- <SYSTEM32>\smoanvaxxpv\etc
- <SYSTEM32>\yskawbweve.exe
- <SYSTEM32>\heaelwhlv.exe
- %WINDIR%\Temp\b3tv4hn3au7rwksh.exe
- <DRIVERS>\etc\hosts
- %TEMP%\b3tv4hn36e2rwkshrzs39e.exe
- 'wi###ive.net':80
- 'dr###eight.net':80
- 'wi###oice.net':80
- 'dr###five.net':80
- 'wi###ight.net':80
- 'kn###unt.net':80
- 'ab###unt.net':80
- 'dr###they.net':80
- 'wi###hey.net':80
- 'dr###voice.net':80
- 'lo###ight.net':80
- 'fe###hey.net':80
- 'lo###ive.net':80
- 'fe###ight.net':80
- 'lo###hey.net':80
- 'th###eight.net':80
- 'th###they.net':80
- 'th###voice.net':80
- 'th###five.net':80
- 'kn###cene.net':80
- 'so###ont.net':80
- 'ro###unt.net':80
- 'so###reat.net':80
- 'pi###ont.net':80
- 'si###unt.net':80
- 'ro###reat.net':80
- 'si###reat.net':80
- 'ro###cene.net':80
- 'si###cene.net':80
- 'pi###reat.net':80
- 'ab###reat.net':80
- 'kn###ont.net':80
- 'ab###cene.net':80
- 'kn###reat.net':80
- 'ab###ont.net':80
- 'pi###cene.net':80
- 'so###cene.net':80
- 'pi###unt.net':80
- 'so###unt.net':80
- 'fe###ive.net':80
- 'so###hey.net':80
- 'ro###oice.net':80
- 'be##lxc.com':80
- 'pi###hey.net':80
- 'si###oice.net':80
- 'ro###ight.net':80
- 'si###ight.net':80
- 'ro###ive.net':80
- 'si###ive.net':80
- 'ri###nstorm.net':80
- 'mo###ugust.net':80
- 'mi###hown.net':80
- 'cr#####onaraminta.net':80
- 'le###form.net':80
- 'ab###ell.net':80
- 'ca####nbring.net':80
- 'al###being.net':80
- 'mo###olor.net':80
- 'pr####tbottom.net':80
- 'ro###hey.net':80
- 'wh###ive.net':80
- 'hi###ight.net':80
- 'wh###oice.net':80
- 'hi###ive.net':80
- 'wh###ight.net':80
- 'fe###oice.net':80
- 'lo###oice.net':80
- 'hi###hey.net':80
- 'wh###hey.net':80
- 'hi###oice.net':80
- 'ju###oice.net':80
- 'mo###ive.net':80
- 'si###hey.net':80
- 'mo###oice.net':80
- 'ju###ive.net':80
- 'mo###hey.net':80
- 'ju###hey.net':80
- 'mo###ight.net':80
- 'ju###ight.net':80
- http://wi###ive.net/index.php
- http://dr###eight.net/index.php
- http://wi###oice.net/index.php
- http://dr###five.net/index.php
- http://wi###ight.net/index.php
- http://kn###unt.net/index.php
- http://ab###unt.net/index.php
- http://dr###they.net/index.php
- http://wi###hey.net/index.php
- http://dr###voice.net/index.php
- http://lo###ight.net/index.php
- http://fe###hey.net/index.php
- http://lo###ive.net/index.php
- http://fe###ight.net/index.php
- http://lo###hey.net/index.php
- http://th###eight.net/index.php
- http://th###they.net/index.php
- http://th###voice.net/index.php
- http://th###five.net/index.php
- http://kn###cene.net/index.php
- http://so###ont.net/index.php
- http://ro###unt.net/index.php
- http://so###reat.net/index.php
- http://pi###ont.net/index.php
- http://si###unt.net/index.php
- http://ro###reat.net/index.php
- http://si###reat.net/index.php
- http://ro###cene.net/index.php
- http://si###cene.net/index.php
- http://pi###reat.net/index.php
- http://ab###reat.net/index.php
- http://kn###ont.net/index.php
- http://ab###cene.net/index.php
- http://kn###reat.net/index.php
- http://ab###ont.net/index.php
- http://pi###cene.net/index.php
- http://so###cene.net/index.php
- http://pi###unt.net/index.php
- http://so###unt.net/index.php
- http://fe###ive.net/index.php
- http://so###hey.net/index.php
- http://ro###oice.net/index.php
- http://be##lxc.com/index.php
- http://pi###hey.net/index.php
- http://si###oice.net/index.php
- http://ro###ight.net/index.php
- http://si###ight.net/index.php
- http://ro###ive.net/index.php
- http://si###ive.net/index.php
- http://ri###nstorm.net/index.php
- http://mo###ugust.net/index.php
- http://mi###hown.net/index.php
- http://cr#####onaraminta.net/index.php
- http://le###form.net/index.php
- http://ab###ell.net/index.php
- http://ca####nbring.net/index.php
- http://al###being.net/index.php
- http://mo###olor.net/index.php
- http://pr####tbottom.net/index.php
- http://ro###hey.net/index.php
- http://wh###ive.net/index.php
- http://hi###ight.net/index.php
- http://wh###oice.net/index.php
- http://hi###ive.net/index.php
- http://wh###ight.net/index.php
- http://fe###oice.net/index.php
- http://lo###oice.net/index.php
- http://hi###hey.net/index.php
- http://wh###hey.net/index.php
- http://hi###oice.net/index.php
- http://ju###oice.net/index.php
- http://mo###ive.net/index.php
- http://si###hey.net/index.php
- http://mo###oice.net/index.php
- http://ju###ive.net/index.php
- http://mo###hey.net/index.php
- http://ju###hey.net/index.php
- http://mo###ight.net/index.php
- http://ju###ight.net/index.php
- DNS ASK dr###eight.net
- DNS ASK wi###ight.net
- DNS ASK wi###ive.net
- DNS ASK wi###oice.net
- DNS ASK dr###five.net
- DNS ASK ab###unt.net
- DNS ASK kn###cene.net
- DNS ASK kn###unt.net
- DNS ASK dr###they.net
- DNS ASK wi###hey.net
- DNS ASK fe###hey.net
- DNS ASK lo###hey.net
- DNS ASK lo###ight.net
- DNS ASK lo###ive.net
- DNS ASK fe###ight.net
- DNS ASK th###they.net
- DNS ASK dr###voice.net
- DNS ASK th###eight.net
- DNS ASK th###voice.net
- DNS ASK th###five.net
- DNS ASK ro###unt.net
- DNS ASK si###unt.net
- DNS ASK so###ont.net
- DNS ASK so###reat.net
- DNS ASK pi###ont.net
- DNS ASK si###reat.net
- DNS ASK ro###ont.net
- DNS ASK ro###reat.net
- DNS ASK ro###cene.net
- DNS ASK si###cene.net
- DNS ASK kn###ont.net
- DNS ASK ab###ont.net
- DNS ASK ab###reat.net
- DNS ASK ab###cene.net
- DNS ASK kn###reat.net
- DNS ASK so###cene.net
- DNS ASK pi###reat.net
- DNS ASK pi###cene.net
- DNS ASK pi###unt.net
- DNS ASK so###unt.net
- DNS ASK fe###ive.net
- DNS ASK so###hey.net
- DNS ASK ro###oice.net
- DNS ASK be##lxc.com
- DNS ASK pi###hey.net
- DNS ASK si###oice.net
- DNS ASK ro###ight.net
- DNS ASK si###ight.net
- DNS ASK ro###ive.net
- DNS ASK si###ive.net
- DNS ASK ri###nstorm.net
- DNS ASK mo###ugust.net
- DNS ASK mi###hown.net
- DNS ASK cr#####onaraminta.net
- DNS ASK le###form.net
- DNS ASK ab###ell.net
- DNS ASK ca####nbring.net
- DNS ASK al###being.net
- DNS ASK mo###olor.net
- DNS ASK pr####tbottom.net
- DNS ASK ro###hey.net
- DNS ASK wh###ive.net
- DNS ASK hi###ight.net
- DNS ASK wh###oice.net
- DNS ASK hi###ive.net
- DNS ASK wh###ight.net
- DNS ASK fe###oice.net
- DNS ASK lo###oice.net
- DNS ASK hi###hey.net
- DNS ASK wh###hey.net
- DNS ASK hi###oice.net
- DNS ASK ju###oice.net
- DNS ASK mo###ive.net
- DNS ASK si###hey.net
- DNS ASK mo###oice.net
- DNS ASK ju###ive.net
- DNS ASK mo###hey.net
- DNS ASK ju###hey.net
- DNS ASK mo###ight.net
- DNS ASK ju###ight.net
- '23#.#55.255.250':1900