Technical Information
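- [<HKLM>\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] 'Input IP Backup Health Audio Fax' = '<SYSTEM32>\yxpwcfdj.exe' (autorun entry: a value under the HKLM Run key starts the named executable at each user logon; the value name appears to be assembled from generic words and may differ between infections, so match on the value data as well as the name)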
- [<HKLM>\SYSTEM\ControlSet001\Services\Port Controls Location Visual Browser Manager] 'Start' = '00000002' (service entry; start type 2 means the service is started automatically at boot)
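- Windows Security Center (the heading for this entry is missing from the page; it presumably names a system service the sample interferes with — confirm against the original report)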
- '<SYSTEM32>\pwipdosxi.exe' "<SYSTEM32>\yxpwcfdj.exe"
- '%WINDIR%\Temp\ctnifp3ai2smpf.exe' -r 38875 tcp
- '%TEMP%\ctnifp35hismpfrzpp6py.exe'
- '<SYSTEM32>\yxpwcfdj.exe'
- <SYSTEM32>\rhnethp\run
- <SYSTEM32>\rhnethp\rng
- %WINDIR%\Temp\ctnifp3ai2smpf.exe
- <SYSTEM32>\rhnethp\cfg
- <SYSTEM32>\pwipdosxi.exe
- %TEMP%\ctnifp35hismpfrzpp6py.exe
- <SYSTEM32>\rhnethp\tst
- <SYSTEM32>\yxpwcfdj.exe
- <SYSTEM32>\rhnethp\etc
- <SYSTEM32>\pwipdosxi.exe
- <SYSTEM32>\yxpwcfdj.exe
- %WINDIR%\Temp\ctnifp3ai2smpf.exe
- <DRIVERS>\etc\hosts
- %TEMP%\ctnifp35hismpfrzpp6py.exe
- 'wh###one.net':80
- 'fe###oes.net':80
- 'hi###one.net':80
- 'hi###ight.net':80
- 'wh###ight.net':80
- 'fe###ight.net':80
- 'lo###ight.net':80
- 'lo###ool.net':80
- 'lo###oes.net':80
- 'fe###ool.net':80
- 'ju###ight.net':80
- 'mo###one.net':80
- 'mo###ight.net':80
- 'mo###ool.net':80
- 'ju###ool.net':80
- 'hi###ool.net':80
- 'wh###ool.net':80
- 'wh###oes.net':80
- 'ju###one.net':80
- 'hi###oes.net':80
- 'wi###one.net':80
- 'kn###oad.net':80
- 'dr###gone.net':80
- 'dr###light.net':80
- 'wi###ight.net':80
- 'kn###ore.net':80
- 'ab###ore.net':80
- 'ab###ail.net':80
- 'ab###oad.net':80
- 'kn###ail.net':80
- 'th###fool.net':80
- 'th###light.net':80
- 'th###goes.net':80
- 'fe###one.net':80
- 'lo###one.net':80
- 'dr###fool.net':80
- 'wi###ool.net':80
- 'wi###oes.net':80
- 'th###gone.net':80
- 'dr###goes.net':80
- 'ju###oes.net':80
- 'dr###easy.net':80
- 'wi###asy.net':80
- 'wi#####siderable.net':80
- 'wi###est.net':80
- 'dr#####nsiderable.net':80
- 'ab###ool.net':80
- 'kn###ight.net':80
- 'kn###ool.net':80
- 'kn###oes.net':80
- 'ab###oes.net':80
- 'de###lxc.com':80
- 'lo#####siderable.net':80
- 'be##lxc.com':80
- 'ri###nstorm.net':80
- 'af###sllc.com':80
- 'wi###hem.net':80
- 'dr###best.net':80
- 'dr###them.net':80
- 'th###easy.net':80
- 'lo###asy.net':80
- 'ro###ool.net':80
- 'si###ool.net':80
- 'si###oes.net':80
- 'so###one.net':80
- 'ro###oes.net':80
- 'si###one.net':80
- 'mo###oes.net':80
- 'ro###one.net':80
- 'ro###ight.net':80
- 'si###ight.net':80
- 'pi###oes.net':80
- 'so###oes.net':80
- 'ab###one.net':80
- 'ab###ight.net':80
- 'kn###one.net':80
- 'so###ight.net':80
- 'pi###one.net':80
- 'pi###ight.net':80
- 'pi###ool.net':80
- 'so###ool.net':80
- http://wh###one.net/index.php
- http://fe###oes.net/index.php
- http://hi###one.net/index.php
- http://hi###ight.net/index.php
- http://wh###ight.net/index.php
- http://fe###ight.net/index.php
- http://lo###ight.net/index.php
- http://lo###ool.net/index.php
- http://lo###oes.net/index.php
- http://fe###ool.net/index.php
- http://ju###ight.net/index.php
- http://mo###one.net/index.php
- http://mo###ight.net/index.php
- http://mo###ool.net/index.php
- http://ju###ool.net/index.php
- http://hi###ool.net/index.php
- http://wh###ool.net/index.php
- http://wh###oes.net/index.php
- http://ju###one.net/index.php
- http://hi###oes.net/index.php
- http://wi###one.net/index.php
- http://kn###oad.net/index.php
- http://dr###gone.net/index.php
- http://dr###light.net/index.php
- http://wi###ight.net/index.php
- http://kn###ore.net/index.php
- http://ab###ore.net/index.php
- http://ab###ail.net/index.php
- http://ab###oad.net/index.php
- http://kn###ail.net/index.php
- http://th###fool.net/index.php
- http://th###light.net/index.php
- http://th###goes.net/index.php
- http://fe###one.net/index.php
- http://lo###one.net/index.php
- http://dr###fool.net/index.php
- http://wi###ool.net/index.php
- http://wi###oes.net/index.php
- http://th###gone.net/index.php
- http://dr###goes.net/index.php
- http://ju###oes.net/index.php
- http://dr###easy.net/index.php
- http://wi###asy.net/index.php
- http://wi#####siderable.net/index.php
- http://wi###est.net/index.php
- http://dr#####nsiderable.net/index.php
- http://ab###ool.net/index.php
- http://kn###ight.net/index.php
- http://kn###ool.net/index.php
- http://kn###oes.net/index.php
- http://ab###oes.net/index.php
- http://de###lxc.com/index.php
- http://lo#####siderable.net/index.php
- http://be##lxc.com/index.php
- http://ri###nstorm.net/index.php
- http://af###sllc.com/index.php
- http://wi###hem.net/index.php
- http://dr###best.net/index.php
- http://dr###them.net/index.php
- http://th###easy.net/index.php
- http://lo###asy.net/index.php
- http://ro###ool.net/index.php
- http://si###ool.net/index.php
- http://si###oes.net/index.php
- http://so###one.net/index.php
- http://ro###oes.net/index.php
- http://si###one.net/index.php
- http://mo###oes.net/index.php
- http://ro###one.net/index.php
- http://ro###ight.net/index.php
- http://si###ight.net/index.php
- http://pi###oes.net/index.php
- http://so###oes.net/index.php
- http://ab###one.net/index.php
- http://ab###ight.net/index.php
- http://kn###one.net/index.php
- http://so###ight.net/index.php
- http://pi###one.net/index.php
- http://pi###ight.net/index.php
- http://pi###ool.net/index.php
- http://so###ool.net/index.php
- DNS ASK wh###one.net
- DNS ASK fe###oes.net
- DNS ASK hi###one.net
- DNS ASK hi###ight.net
- DNS ASK wh###ight.net
- DNS ASK fe###ight.net
- DNS ASK lo###ight.net
- DNS ASK lo###ool.net
- DNS ASK lo###oes.net
- DNS ASK fe###ool.net
- DNS ASK ju###ight.net
- DNS ASK mo###one.net
- DNS ASK mo###ight.net
- DNS ASK mo###ool.net
- DNS ASK ju###ool.net
- DNS ASK hi###ool.net
- DNS ASK wh###ool.net
- DNS ASK wh###oes.net
- DNS ASK ju###one.net
- DNS ASK hi###oes.net
- DNS ASK fe###one.net
- DNS ASK kn###oad.net
- DNS ASK ab###oad.net
- DNS ASK wi###one.net
- DNS ASK wi###ight.net
- DNS ASK dr###gone.net
- DNS ASK ab###ore.net
- DNS ASK kn###here.net
- DNS ASK kn###ore.net
- DNS ASK kn###ail.net
- DNS ASK ab###ail.net
- DNS ASK th###light.net
- DNS ASK th###gone.net
- DNS ASK th###fool.net
- DNS ASK lo###one.net
- DNS ASK th###goes.net
- DNS ASK wi###ool.net
- DNS ASK dr###light.net
- DNS ASK dr###fool.net
- DNS ASK dr###goes.net
- DNS ASK wi###oes.net
- DNS ASK ju###oes.net
- DNS ASK dr###easy.net
- DNS ASK wi###asy.net
- DNS ASK wi#####siderable.net
- DNS ASK wi###est.net
- DNS ASK dr#####nsiderable.net
- DNS ASK ab###ool.net
- DNS ASK kn###ight.net
- DNS ASK kn###ool.net
- DNS ASK kn###oes.net
- DNS ASK ab###oes.net
- DNS ASK de###lxc.com
- DNS ASK lo#####siderable.net
- DNS ASK be##lxc.com
- DNS ASK ri###nstorm.net
- DNS ASK af###sllc.com
- DNS ASK wi###hem.net
- DNS ASK dr###best.net
- DNS ASK dr###them.net
- DNS ASK th###easy.net
- DNS ASK lo###asy.net
- DNS ASK ro###ool.net
- DNS ASK si###ool.net
- DNS ASK si###oes.net
- DNS ASK so###one.net
- DNS ASK ro###oes.net
- DNS ASK si###one.net
- DNS ASK mo###oes.net
- DNS ASK ro###one.net
- DNS ASK ro###ight.net
- DNS ASK si###ight.net
- DNS ASK pi###oes.net
- DNS ASK so###oes.net
- DNS ASK ab###one.net
- DNS ASK ab###ight.net
- DNS ASK kn###one.net
- DNS ASK so###ight.net
- DNS ASK pi###one.net
- DNS ASK pi###ight.net
- DNS ASK pi###ool.net
- DNS ASK so###ool.net
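- '23#.#55.255.250':1900 (port 1900 is the SSDP/UPnP discovery port, and the masked address is consistent with the SSDP multicast group, so this is likely local-network device discovery rather than contact with a remote server — confirm in a packet capture)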