Technical Information
Persistence (one registry autorun value and one Windows service, both pointing at the same executable; a service 'Start' value of 00000002 means automatic start at boot):
- [<HKLM>\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] 'Task Publication Multimedia Audio Spooler Net.Tcp' = '<SYSTEM32>\wjtfgpgj.exe'
- [<HKLM>\SYSTEM\ControlSet001\Services\Plug Defragmenter Enumerator BitLocker Log] 'ImagePath' = '<SYSTEM32>\wjtfgpgj.exe'
- [<HKLM>\SYSTEM\ControlSet001\Services\Plug Defragmenter Enumerator BitLocker Log] 'Start' = '00000002'
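- Windows Security Center (the label for this entry was lost in extraction; presumably a system feature the sample interferes with, so confirm against the original report)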
Process command lines recorded:
- '<SYSTEM32>\olkymvunq.exe' "<SYSTEM32>\wjtfgpgj.exe"
- '%WINDIR%\Temp\rujfffwa2uttosxts.exe' -r 22530 tcp
- 'C:\Documents and Settings\%USERNAME%\Local Settings\Temp\rujfffwa2ncaosxtsczpin2k3.exe'
- '<SYSTEM32>\wjtfgpgj.exe'
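File system artefacts (the labels separating the sub-lists below were lost in extraction; the repeated paths suggest several sub-lists, and the system hosts file is among the paths listed):
- <SYSTEM32>\kcwttfsp\run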
- <SYSTEM32>\kcwttfsp\rng
- %WINDIR%\Temp\rujfffwa2uttosxts.exe
- <SYSTEM32>\kcwttfsp\cfg
- <SYSTEM32>\olkymvunq.exe
- C:\Documents and Settings\%USERNAME%\Local Settings\Temp\rujfffwa2ncaosxtsczpin2k3.exe
- <SYSTEM32>\kcwttfsp\tst
- <SYSTEM32>\wjtfgpgj.exe
- <SYSTEM32>\kcwttfsp\etc
- <SYSTEM32>\olkymvunq.exe
- <SYSTEM32>\wjtfgpgj.exe
- %WINDIR%\Temp\rujfffwa2uttosxts.exe
- <DRIVERS>\etc\hosts
- C:\Documents and Settings\%USERNAME%\Local Settings\Temp\rujfffwa2ncaosxtsczpin2k3.exe
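Network activity, listed as host:port. Hostnames are partially masked with '#' in this report, so detection has to key on the pattern (many .net hostnames contacted on port 80, each requested as /index.php) rather than on exact names; the word-fragment naming is consistent with algorithmically generated domains.
- 'ga###ure.net':80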
- 'bo###ause.net':80
- 'bo###ure.net':80
- 'fi###back.net':80
- 'qu###back.net':80
- 'bo###ack.net':80
- 'ga###ack.net':80
- 'ga###hot.net':80
- 'ga###ause.net':80
- 'bo###hot.net':80
- 'na###hirt.net':80
- 'fi###sure.net':80
- 'dr###shirt.net':80
- 'dr###talk.net':80
- 'na###alk.net':80
- 'fi###shot.net':80
- 'qu###shot.net':80
- 'qu###cause.net':80
- 'qu###sure.net':80
- 'fi###cause.net':80
- 'le###sure.net':80
- 'mo###back.net':80
- 'wa###ack.net':80
- 'wa###hot.net':80
- 'wa###ause.net':80
- 'mo###shot.net':80
- 'we###ause.net':80
- 'st###shot.net':80
- 'st###cause.net':80
- 'st###sure.net':80
- 'we###ure.net':80
- 'le###shot.net':80
- 'fa###hot.net':80
- 'fa###ause.net':80
- 'fa###ure.net':80
- 'le###cause.net':80
- 'wa###ure.net':80
- 'mo###cause.net':80
- 'mo###sure.net':80
- 'le###back.net':80
- 'fa###ack.net':80
- 'st###wash.net':80
- 'we###ash.net':80
- 'ri###nstorm.net':80
- 'ca####nbring.net':80
- 'al###being.net':80
- 'we###alk.net':80
- 'st###shirt.net':80
- 'st###talk.net':80
- 'st###below.net':80
- 'we###elow.net':80
- 'cr#####onaraminta.net':80
- 'le###form.net':80
- 'jo####ymeasure.net':80
- 'ef###tbuilt.net':80
- 'th###while.net':80
- 'mo###olor.net':80
- 'pr####tbottom.net':80
- 'ab###ell.net':80
- 'mo###ugust.net':80
- 'mi###hown.net':80
- 'we###hirt.net':80
- 'we####daytalk.net':80
- 'se###hirt.net':80
- 'se###alk.net':80
- 'se###elow.net':80
- 'we####daybelow.net':80
- 'dr###below.net':80
- 'na###elow.net':80
- 'na###ash.net':80
- 'we####dayshirt.net':80
- 'dr###wash.net':80
- 'fo###below.net':80
- 'af###talk.net':80
- 'af###below.net':80
- 'af###wash.net':80
- 'fo###wash.net':80
- 'se###ash.net':80
- 'we####daywash.net':80
- 'fo###shirt.net':80
- 'fo###talk.net':80
- 'af###shirt.net':80
HTTP requests:
- http://ga###ure.net/index.php
- http://bo###ause.net/index.php
- http://bo###ure.net/index.php
- http://fi###back.net/index.php
- http://qu###back.net/index.php
- http://bo###ack.net/index.php
- http://ga###ack.net/index.php
- http://ga###hot.net/index.php
- http://ga###ause.net/index.php
- http://bo###hot.net/index.php
- http://na###hirt.net/index.php
- http://fi###sure.net/index.php
- http://dr###shirt.net/index.php
- http://dr###talk.net/index.php
- http://na###alk.net/index.php
- http://fi###shot.net/index.php
- http://qu###shot.net/index.php
- http://qu###cause.net/index.php
- http://qu###sure.net/index.php
- http://fi###cause.net/index.php
- http://le###sure.net/index.php
- http://mo###back.net/index.php
- http://wa###ack.net/index.php
- http://wa###hot.net/index.php
- http://wa###ause.net/index.php
- http://mo###shot.net/index.php
- http://we###ause.net/index.php
- http://st###shot.net/index.php
- http://st###cause.net/index.php
- http://st###sure.net/index.php
- http://we###ure.net/index.php
- http://le###shot.net/index.php
- http://fa###hot.net/index.php
- http://fa###ause.net/index.php
- http://fa###ure.net/index.php
- http://le###cause.net/index.php
- http://wa###ure.net/index.php
- http://mo###cause.net/index.php
- http://mo###sure.net/index.php
- http://le###back.net/index.php
- http://fa###ack.net/index.php
- http://st###wash.net/index.php
- http://we###ash.net/index.php
- http://ri###nstorm.net/index.php
- http://ca####nbring.net/index.php
- http://al###being.net/index.php
- http://we###alk.net/index.php
- http://st###shirt.net/index.php
- http://st###talk.net/index.php
- http://st###below.net/index.php
- http://we###elow.net/index.php
- http://cr#####onaraminta.net/index.php
- http://le###form.net/index.php
- http://jo####ymeasure.net/index.php
- http://ef###tbuilt.net/index.php
- http://th###while.net/index.php
- http://mo###olor.net/index.php
- http://pr####tbottom.net/index.php
- http://ab###ell.net/index.php
- http://mo###ugust.net/index.php
- http://mi###hown.net/index.php
- http://we###hirt.net/index.php
- http://we####daytalk.net/index.php
- http://se###hirt.net/index.php
- http://se###alk.net/index.php
- http://se###elow.net/index.php
- http://we####daybelow.net/index.php
- http://dr###below.net/index.php
- http://na###elow.net/index.php
- http://na###ash.net/index.php
- http://we####dayshirt.net/index.php
- http://dr###wash.net/index.php
- http://fo###below.net/index.php
- http://af###talk.net/index.php
- http://af###below.net/index.php
- http://af###wash.net/index.php
- http://fo###wash.net/index.php
- http://se###ash.net/index.php
- http://we####daywash.net/index.php
- http://fo###shirt.net/index.php
- http://fo###talk.net/index.php
- http://af###shirt.net/index.php
- DNS ASK bo###ause.net
- DNS ASK ga###ause.net
- DNS ASK ga###ure.net
- DNS ASK qu###back.net
- DNS ASK bo###ure.net
- DNS ASK ga###ack.net
- DNS ASK le###sure.net
- DNS ASK bo###ack.net
- DNS ASK bo###hot.net
- DNS ASK ga###hot.net
- DNS ASK fi###back.net
- DNS ASK na###hirt.net
- DNS ASK fi###sure.net
- DNS ASK dr###shirt.net
- DNS ASK dr###talk.net
- DNS ASK na###alk.net
- DNS ASK fi###shot.net
- DNS ASK qu###shot.net
- DNS ASK qu###cause.net
- DNS ASK qu###sure.net
- DNS ASK fi###cause.net
- DNS ASK wa###ack.net
- DNS ASK st###sure.net
- DNS ASK mo###back.net
- DNS ASK mo###shot.net
- DNS ASK wa###hot.net
- DNS ASK st###shot.net
- DNS ASK we###hot.net
- DNS ASK we###ause.net
- DNS ASK we###ure.net
- DNS ASK st###cause.net
- DNS ASK wa###ause.net
- DNS ASK le###shot.net
- DNS ASK fa###hot.net
- DNS ASK fa###ause.net
- DNS ASK fa###ure.net
- DNS ASK le###cause.net
- DNS ASK wa###ure.net
- DNS ASK mo###cause.net
- DNS ASK mo###sure.net
- DNS ASK le###back.net
- DNS ASK fa###ack.net
- DNS ASK st###wash.net
- DNS ASK we###ash.net
- DNS ASK ri###nstorm.net
- DNS ASK ca####nbring.net
- DNS ASK al###being.net
- DNS ASK we###alk.net
- DNS ASK st###shirt.net
- DNS ASK st###talk.net
- DNS ASK st###below.net
- DNS ASK we###elow.net
- DNS ASK cr#####onaraminta.net
- DNS ASK le###form.net
- DNS ASK jo####ymeasure.net
- DNS ASK ef###tbuilt.net
- DNS ASK th###while.net
- DNS ASK mo###olor.net
- DNS ASK pr####tbottom.net
- DNS ASK ab###ell.net
- DNS ASK mo###ugust.net
- DNS ASK mi###hown.net
- DNS ASK we###hirt.net
- DNS ASK we####daytalk.net
- DNS ASK se###hirt.net
- DNS ASK se###alk.net
- DNS ASK se###elow.net
- DNS ASK we####daybelow.net
- DNS ASK dr###below.net
- DNS ASK na###elow.net
- DNS ASK na###ash.net
- DNS ASK we####dayshirt.net
- DNS ASK dr###wash.net
- DNS ASK fo###below.net
- DNS ASK af###talk.net
- DNS ASK af###below.net
- DNS ASK af###wash.net
- DNS ASK fo###wash.net
- DNS ASK se###ash.net
- DNS ASK we####daywash.net
- DNS ASK fo###shirt.net
- DNS ASK fo###talk.net
- DNS ASK af###shirt.net
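- '23#.#55.255.250':1900 (port 1900 is the SSDP/UPnP discovery port; the masked address is consistent with the SSDP multicast group, i.e. local-network discovery traffic rather than a remote host, so confirm before treating it as an indicator)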