Technical Information
- [<HKLM>\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] 'File Scheduler Update Program Media' = '<SYSTEM32>\xyxhnoczl.exe' (value under the machine-wide Run key: the named file is launched each time a user logs on)
- [<HKLM>\SYSTEM\ControlSet001\Services\Process Function Services Auto-Discovery Group] 'Start' = '00000002' (service start type 2: the service is started automatically at system boot)
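- Windows Security Center (the heading for this entry is missing from the page; in reports of this layout it normally names a system feature the sample disables, so treat that reading as unconfirmed)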
- '<SYSTEM32>\snbdvqh.exe' "<SYSTEM32>\xyxhnoczl.exe"
- '%WINDIR%\Temp\egkr6rz34d5dky.exe' -r 35144 tcp
- '%TEMP%\egkr6rz2z7ddkyvepdtul.exe'
- '<SYSTEM32>\xyxhnoczl.exe'
- <SYSTEM32>\svjjwaikyr\run
- <SYSTEM32>\svjjwaikyr\rng
- %WINDIR%\Temp\egkr6rz34d5dky.exe
- <SYSTEM32>\svjjwaikyr\cfg
- <SYSTEM32>\snbdvqh.exe
- %TEMP%\egkr6rz2z7ddkyvepdtul.exe
- <SYSTEM32>\svjjwaikyr\tst
- <SYSTEM32>\xyxhnoczl.exe
- <SYSTEM32>\svjjwaikyr\etc
- <SYSTEM32>\snbdvqh.exe
- <SYSTEM32>\xyxhnoczl.exe
- %WINDIR%\Temp\egkr6rz34d5dky.exe
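- <DRIVERS>\etc\hosts (the Windows hosts file; the page's list heading is missing, so whether it is created, modified or deleted is not shown — on an affected machine, compare it with a known-good copy)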
- %TEMP%\egkr6rz2z7ddkyvepdtul.exe
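- 'sa###ull.net':80 ('#' replaces characters the report masks, so this and the following host names are partial and cannot be matched as exact indicators)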
- 'gl###ruit.net':80
- 'sp###ull.net':80
- 'sp###oise.net':80
- 'sa###oise.net':80
- 'gl###oise.net':80
- 'ta###noise.net':80
- 'ta###rise.net':80
- 'ta###fruit.net':80
- 'gl###ise.net':80
- 'wh###noise.net':80
- 'up###ull.net':80
- 'up###oise.net':80
- 'up###ise.net':80
- 'wh###rise.net':80
- 'sp###ise.net':80
- 'sa###ise.net':80
- 'sa###ruit.net':80
- 'wh###pull.net':80
- 'sp###ruit.net':80
- 'vi###rise.net':80
- 'sp###noise.net':80
- 'sp###rise.net':80
- 'sp###fruit.net':80
- 'vi###fruit.net':80
- 'wa###fruit.net':80
- 'fa###ruit.net':80
- 'vi###pull.net':80
- 'vi###noise.net':80
- 'sp###pull.net':80
- 'gr###fruit.net':80
- 'eq###rise.net':80
- 'eq###fruit.net':80
- 'gl###ull.net':80
- 'ta###pull.net':80
- 'eq###pull.net':80
- 'gr###pull.net':80
- 'gr###noise.net':80
- 'gr###rise.net':80
- 'eq###noise.net':80
- 'wi###ont.net':80
- 'de###unt.net':80
- 'jo###ont.net':80
- 'be##lxc.com':80
- 'wi###reat.net':80
- 'de###reat.net':80
- 'ro###reat.net':80
- 'ro###cene.net':80
- 'ro###unt.net':80
- 'de###cene.net':80
- 'mi###hown.net':80
- 'ab###ell.net':80
- 'mo###ugust.net':80
- 'cr#####onaraminta.net':80
- 'le###form.net':80
- 'al###being.net':80
- 'ri###nstorm.net':80
- 'ca####nbring.net':80
- 'mo###olor.net':80
- 'pr####tbottom.net':80
- 'so###rise.net':80
- 'ar###noise.net':80
- 'ar###rise.net':80
- 'ar###fruit.net':80
- 'so###fruit.net':80
- 'up###ruit.net':80
- 'wh###fruit.net':80
- 'so###pull.net':80
- 'so###noise.net':80
- 'ar###pull.net':80
- 'ma###unt.net':80
- 'wr###scene.net':80
- 'wr###aunt.net':80
- 'de###ont.net':80
- 'ro###ont.net':80
- 'wr###dont.net':80
- 'ma###ont.net':80
- 'ma###reat.net':80
- 'ma###cene.net':80
- 'wr###great.net':80
- http://sa###ull.net/index.php
- http://gl###ruit.net/index.php
- http://sp###ull.net/index.php
- http://sp###oise.net/index.php
- http://sa###oise.net/index.php
- http://gl###oise.net/index.php
- http://ta###noise.net/index.php
- http://ta###rise.net/index.php
- http://ta###fruit.net/index.php
- http://gl###ise.net/index.php
- http://wh###noise.net/index.php
- http://up###ull.net/index.php
- http://up###oise.net/index.php
- http://up###ise.net/index.php
- http://wh###rise.net/index.php
- http://sp###ise.net/index.php
- http://sa###ise.net/index.php
- http://sa###ruit.net/index.php
- http://wh###pull.net/index.php
- http://sp###ruit.net/index.php
- http://vi###rise.net/index.php
- http://sp###noise.net/index.php
- http://sp###rise.net/index.php
- http://sp###fruit.net/index.php
- http://vi###fruit.net/index.php
- http://wa###fruit.net/index.php
- http://fa###ruit.net/index.php
- http://vi###pull.net/index.php
- http://vi###noise.net/index.php
- http://sp###pull.net/index.php
- http://gr###fruit.net/index.php
- http://eq###rise.net/index.php
- http://eq###fruit.net/index.php
- http://gl###ull.net/index.php
- http://ta###pull.net/index.php
- http://eq###pull.net/index.php
- http://gr###pull.net/index.php
- http://gr###noise.net/index.php
- http://gr###rise.net/index.php
- http://eq###noise.net/index.php
- http://wi###ont.net/index.php
- http://de###unt.net/index.php
- http://jo###ont.net/index.php
- http://be##lxc.com/index.php
- http://wi###reat.net/index.php
- http://de###reat.net/index.php
- http://ro###reat.net/index.php
- http://ro###cene.net/index.php
- http://ro###unt.net/index.php
- http://de###cene.net/index.php
- http://mi###hown.net/index.php
- http://ab###ell.net/index.php
- http://mo###ugust.net/index.php
- http://cr#####onaraminta.net/index.php
- http://le###form.net/index.php
- http://al###being.net/index.php
- http://ri###nstorm.net/index.php
- http://ca####nbring.net/index.php
- http://mo###olor.net/index.php
- http://pr####tbottom.net/index.php
- http://so###rise.net/index.php
- http://ar###noise.net/index.php
- http://ar###rise.net/index.php
- http://ar###fruit.net/index.php
- http://so###fruit.net/index.php
- http://up###ruit.net/index.php
- http://wh###fruit.net/index.php
- http://so###pull.net/index.php
- http://so###noise.net/index.php
- http://ar###pull.net/index.php
- http://ma###unt.net/index.php
- http://wr###scene.net/index.php
- http://wr###aunt.net/index.php
- http://de###ont.net/index.php
- http://ro###ont.net/index.php
- http://wr###dont.net/index.php
- http://ma###ont.net/index.php
- http://ma###reat.net/index.php
- http://ma###cene.net/index.php
- http://wr###great.net/index.php
- DNS ASK sa###ull.net
- DNS ASK gl###ruit.net
- DNS ASK sp###ull.net
- DNS ASK sp###oise.net
- DNS ASK sa###oise.net
- DNS ASK gl###oise.net
- DNS ASK ta###noise.net
- DNS ASK ta###rise.net
- DNS ASK ta###fruit.net
- DNS ASK gl###ise.net
- DNS ASK wh###noise.net
- DNS ASK up###ull.net
- DNS ASK up###oise.net
- DNS ASK up###ise.net
- DNS ASK wh###rise.net
- DNS ASK sp###ise.net
- DNS ASK sa###ise.net
- DNS ASK sa###ruit.net
- DNS ASK wh###pull.net
- DNS ASK sp###ruit.net
- DNS ASK gl###ull.net
- DNS ASK sp###noise.net
- DNS ASK vi###noise.net
- DNS ASK vi###rise.net
- DNS ASK vi###fruit.net
- DNS ASK sp###rise.net
- DNS ASK fa###ruit.net
- DNS ASK wa###rise.net
- DNS ASK wa###fruit.net
- DNS ASK sp###pull.net
- DNS ASK vi###pull.net
- DNS ASK eq###rise.net
- DNS ASK gr###rise.net
- DNS ASK gr###fruit.net
- DNS ASK ta###pull.net
- DNS ASK eq###fruit.net
- DNS ASK gr###pull.net
- DNS ASK sp###fruit.net
- DNS ASK eq###pull.net
- DNS ASK eq###noise.net
- DNS ASK gr###noise.net
- DNS ASK wi###ont.net
- DNS ASK de###unt.net
- DNS ASK jo###ont.net
- DNS ASK be##lxc.com
- DNS ASK wi###reat.net
- DNS ASK de###reat.net
- DNS ASK ro###reat.net
- DNS ASK ro###cene.net
- DNS ASK ro###unt.net
- DNS ASK de###cene.net
- DNS ASK mi###hown.net
- DNS ASK ab###ell.net
- DNS ASK mo###ugust.net
- DNS ASK cr#####onaraminta.net
- DNS ASK le###form.net
- DNS ASK al###being.net
- DNS ASK ri###nstorm.net
- DNS ASK ca####nbring.net
- DNS ASK mo###olor.net
- DNS ASK pr####tbottom.net
- DNS ASK so###rise.net
- DNS ASK ar###noise.net
- DNS ASK ar###rise.net
- DNS ASK ar###fruit.net
- DNS ASK so###fruit.net
- DNS ASK up###ruit.net
- DNS ASK wh###fruit.net
- DNS ASK so###pull.net
- DNS ASK so###noise.net
- DNS ASK ar###pull.net
- DNS ASK ma###unt.net
- DNS ASK wr###scene.net
- DNS ASK wr###aunt.net
- DNS ASK de###ont.net
- DNS ASK ro###ont.net
- DNS ASK wr###dont.net
- DNS ASK ma###ont.net
- DNS ASK ma###reat.net
- DNS ASK ma###cene.net
- DNS ASK wr###great.net
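- '23#.#55.255.250':1900 (port 1900 is the SSDP/UPnP discovery port, and the masked address is consistent with the SSDP multicast group 239.255.255.250; if so, this entry is local-network discovery traffic rather than a remote server — unconfirmed because the address is masked)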