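Technical Information
(Paths use placeholders such as <SYSTEM32>, <DRIVERS>, %WINDIR% and %TEMP%. The '#' characters in host names and addresses appear to be masking by the report's publisher, so these entries are partial indicators and cannot be matched literally.)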
- Autorun entry (registry Run key): [<HKLM>\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] 'Center Configuration Firewall' = '<SYSTEM32>\dxbjxpbwubcn.exe'
- Service registry entry (Start = 2, i.e. automatic start at boot): [<HKLM>\SYSTEM\ControlSet001\Services\PNRP Bus Solutions Tracking Intelligent] 'Start' = '00000002'
- Windows Security Center
- '<SYSTEM32>\hgfmboxotcrv.exe' "<SYSTEM32>\dxbjxpbwubcn.exe"
- '%WINDIR%\Temp\xspcfo3063dr.exe' -r 49158 tcp
- '%TEMP%\xspcfo2ra7drgyzqws.exe'
- '<SYSTEM32>\dxbjxpbwubcn.exe'
- <SYSTEM32>\naavydszmqpomk\run
- <SYSTEM32>\naavydszmqpomk\rng
- %WINDIR%\Temp\xspcfo3063dr.exe
- <SYSTEM32>\naavydszmqpomk\cfg
- <SYSTEM32>\hgfmboxotcrv.exe
- %TEMP%\xspcfo2ra7drgyzqws.exe
- <SYSTEM32>\naavydszmqpomk\tst
- <SYSTEM32>\dxbjxpbwubcn.exe
- <SYSTEM32>\naavydszmqpomk\etc
- <SYSTEM32>\hgfmboxotcrv.exe
- <SYSTEM32>\dxbjxpbwubcn.exe
- %WINDIR%\Temp\xspcfo3063dr.exe
- <DRIVERS>\etc\hosts
- %TEMP%\xspcfo2ra7drgyzqws.exe
- 'eq###wall.net':80
- 'gr###wall.net':80
- 'gr###other.net':80
- 'gr###forty.net':80
- 'eq###other.net':80
- 'sp###free.net':80
- 'sp###other.net':80
- 'vi###other.net':80
- 'vi###forty.net':80
- 'vi###free.net':80
- 'sp###forty.net':80
- 'ta###forty.net':80
- 'gl###ther.net':80
- 'gl###orty.net':80
- 'gl###ree.net':80
- 'ta###free.net':80
- 'ta###other.net':80
- 'gr###free.net':80
- 'eq###forty.net':80
- 'eq###free.net':80
- 'gl###all.net':80
- 'ta###wall.net':80
- 'dr###other.net':80
- 'th###ther.net':80
- 'th###orty.net':80
- 'th###ree.net':80
- 'dr###forty.net':80
- 'dr###wall.net':80
- 'hu###plain.net':80
- 'ha###lain.net':80
- 'ha###tep.net':80
- 'th###all.net':80
- 'hu###step.net':80
- 'fa###ree.net':80
- 'wa###forty.net':80
- 'wa###free.net':80
- 'sp###wall.net':80
- 'vi###wall.net':80
- 'fa###orty.net':80
- 'fa###all.net':80
- 'dr###free.net':80
- 'wa###wall.net':80
- 'wa###other.net':80
- 'fa###ther.net':80
- 'sa###all.net':80
- 'th###ncle.net':80
- 'dr###study.net':80
- 'dr###uncle.net':80
- 'wa###once.net':80
- 'fa###nce.net':80
- 'th###tudy.net':80
- 'th###nce.net':80
- 'ar###free.net':80
- 'dr###once.net':80
- 'dr###loss.net':80
- 'th###oss.net':80
- 'de###lxc.com':80
- 'vi###once.net':80
- 'be##lxc.com':80
- 'ri###nstorm.net':80
- 'af###sllc.com':80
- 'wa###uncle.net':80
- 'wa###loss.net':80
- 'fa###oss.net':80
- 'fa###tudy.net':80
- 'fa###ncle.net':80
- 'wa###study.net':80
- 'wh###wall.net':80
- 'sp###ree.net':80
- 'up###all.net':80
- 'up###ther.net':80
- 'wh###other.net':80
- 'sa###ree.net':80
- 'sa###ther.net':80
- 'sp###all.net':80
- 'sp###ther.net':80
- 'sp###orty.net':80
- 'sa###orty.net':80
- 'ar###other.net':80
- 'so###other.net':80
- 'so###forty.net':80
- 'so###free.net':80
- 'ar###forty.net':80
- 'ar###wall.net':80
- 'up###orty.net':80
- 'wh###forty.net':80
- 'wh###free.net':80
- 'so###wall.net':80
- 'up###ree.net':80
- http://eq###wall.net/index.php
- http://gr###wall.net/index.php
- http://gr###other.net/index.php
- http://gr###forty.net/index.php
- http://eq###other.net/index.php
- http://sp###free.net/index.php
- http://sp###other.net/index.php
- http://vi###other.net/index.php
- http://vi###forty.net/index.php
- http://vi###free.net/index.php
- http://sp###forty.net/index.php
- http://ta###forty.net/index.php
- http://gl###ther.net/index.php
- http://gl###orty.net/index.php
- http://gl###ree.net/index.php
- http://ta###free.net/index.php
- http://ta###other.net/index.php
- http://gr###free.net/index.php
- http://eq###forty.net/index.php
- http://eq###free.net/index.php
- http://gl###all.net/index.php
- http://ta###wall.net/index.php
- http://dr###other.net/index.php
- http://th###ther.net/index.php
- http://th###orty.net/index.php
- http://th###ree.net/index.php
- http://dr###forty.net/index.php
- http://dr###wall.net/index.php
- http://hu###plain.net/index.php
- http://ha###lain.net/index.php
- http://ha###tep.net/index.php
- http://th###all.net/index.php
- http://hu###step.net/index.php
- http://fa###ree.net/index.php
- http://wa###forty.net/index.php
- http://wa###free.net/index.php
- http://sp###wall.net/index.php
- http://vi###wall.net/index.php
- http://fa###orty.net/index.php
- http://fa###all.net/index.php
- http://dr###free.net/index.php
- http://wa###wall.net/index.php
- http://wa###other.net/index.php
- http://fa###ther.net/index.php
- http://sa###all.net/index.php
- http://th###ncle.net/index.php
- http://dr###study.net/index.php
- http://dr###uncle.net/index.php
- http://wa###once.net/index.php
- http://fa###nce.net/index.php
- http://th###tudy.net/index.php
- http://th###nce.net/index.php
- http://ar###free.net/index.php
- http://dr###once.net/index.php
- http://dr###loss.net/index.php
- http://th###oss.net/index.php
- http://de###lxc.com/index.php
- http://vi###once.net/index.php
- http://be##lxc.com/index.php
- http://ri###nstorm.net/index.php
- http://af###sllc.com/index.php
- http://wa###uncle.net/index.php
- http://wa###loss.net/index.php
- http://fa###oss.net/index.php
- http://fa###tudy.net/index.php
- http://fa###ncle.net/index.php
- http://wa###study.net/index.php
- http://wh###wall.net/index.php
- http://sp###ree.net/index.php
- http://up###all.net/index.php
- http://up###ther.net/index.php
- http://wh###other.net/index.php
- http://sa###ree.net/index.php
- http://sa###ther.net/index.php
- http://sp###all.net/index.php
- http://sp###ther.net/index.php
- http://sp###orty.net/index.php
- http://sa###orty.net/index.php
- http://ar###other.net/index.php
- http://so###other.net/index.php
- http://so###forty.net/index.php
- http://so###free.net/index.php
- http://ar###forty.net/index.php
- http://ar###wall.net/index.php
- http://up###orty.net/index.php
- http://wh###forty.net/index.php
- http://wh###free.net/index.php
- http://so###wall.net/index.php
- http://up###ree.net/index.php
- DNS ASK gr###other.net
- DNS ASK eq###wall.net
- DNS ASK eq###other.net
- DNS ASK eq###forty.net
- DNS ASK gr###forty.net
- DNS ASK gr###wall.net
- DNS ASK vi###forty.net
- DNS ASK sp###other.net
- DNS ASK sp###forty.net
- DNS ASK sp###free.net
- DNS ASK vi###free.net
- DNS ASK gl###orty.net
- DNS ASK ta###forty.net
- DNS ASK ta###free.net
- DNS ASK sa###all.net
- DNS ASK gl###ree.net
- DNS ASK gl###ther.net
- DNS ASK eq###free.net
- DNS ASK gr###free.net
- DNS ASK ta###wall.net
- DNS ASK ta###other.net
- DNS ASK gl###all.net
- DNS ASK vi###other.net
- DNS ASK dr###other.net
- DNS ASK th###ther.net
- DNS ASK th###orty.net
- DNS ASK th###ree.net
- DNS ASK dr###forty.net
- DNS ASK dr###wall.net
- DNS ASK hu###plain.net
- DNS ASK ha###lain.net
- DNS ASK ha###tep.net
- DNS ASK th###all.net
- DNS ASK hu###step.net
- DNS ASK fa###ree.net
- DNS ASK wa###forty.net
- DNS ASK wa###free.net
- DNS ASK sp###wall.net
- DNS ASK vi###wall.net
- DNS ASK fa###orty.net
- DNS ASK fa###all.net
- DNS ASK dr###free.net
- DNS ASK wa###wall.net
- DNS ASK wa###other.net
- DNS ASK fa###ther.net
- DNS ASK th###ncle.net
- DNS ASK dr###study.net
- DNS ASK dr###uncle.net
- DNS ASK wa###once.net
- DNS ASK fa###nce.net
- DNS ASK th###tudy.net
- DNS ASK th###nce.net
- DNS ASK ar###free.net
- DNS ASK dr###once.net
- DNS ASK dr###loss.net
- DNS ASK th###oss.net
- DNS ASK de###lxc.com
- DNS ASK vi###once.net
- DNS ASK be##lxc.com
- DNS ASK ri###nstorm.net
- DNS ASK af###sllc.com
- DNS ASK wa###uncle.net
- DNS ASK wa###loss.net
- DNS ASK fa###oss.net
- DNS ASK fa###tudy.net
- DNS ASK fa###ncle.net
- DNS ASK wa###study.net
- DNS ASK wh###wall.net
- DNS ASK sp###ree.net
- DNS ASK up###all.net
- DNS ASK up###ther.net
- DNS ASK wh###other.net
- DNS ASK sa###ree.net
- DNS ASK sa###ther.net
- DNS ASK sp###all.net
- DNS ASK sp###ther.net
- DNS ASK sp###orty.net
- DNS ASK sa###orty.net
- DNS ASK ar###other.net
- DNS ASK so###other.net
- DNS ASK so###forty.net
- DNS ASK so###free.net
- DNS ASK ar###forty.net
- DNS ASK ar###wall.net
- DNS ASK up###orty.net
- DNS ASK wh###forty.net
- DNS ASK wh###free.net
- DNS ASK so###wall.net
- DNS ASK up###ree.net
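- '23#.#55.255.250':1900 (port 1900 is the SSDP/UPnP discovery port, and the masked address is consistent with the SSDP multicast group 239.255.255.250 rather than a remote host; confirm before treating it as a network indicator)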