Technical Information
- [<HKLM>\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] 'Gateway Removal Print Credential' = '<SYSTEM32>\csrjftdoynf.exe'
- [<HKLM>\SYSTEM\ControlSet001\Services\Driver Sharing Play Themes Peer] 'ImagePath' = '<SYSTEM32>\csrjftdoynf.exe'
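- [<HKLM>\SYSTEM\ControlSet001\Services\Driver Sharing Play Themes Peer] 'Start' = '00000002' (a Start value of 2 makes the service start automatically at boot, so the same executable persists both through this service and through the Run value above)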
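- Windows Security Center (the heading for this entry is missing from the page; it presumably names a system feature the sample interferes with — verify against the original report)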
- '<SYSTEM32>\axaetkykq.exe' "<SYSTEM32>\csrjftdoynf.exe"
- '%WINDIR%\Temp\ebjvkeaf2ty5goj.exe' -r 21500 tcp
- '%TEMP%\ebjvkeaf2khvgojvuizgri.exe'
- '<SYSTEM32>\csrjftdoynf.exe'
- <SYSTEM32>\ultqeylfhmciqw\run
- <SYSTEM32>\ultqeylfhmciqw\rng
- %WINDIR%\Temp\ebjvkeaf2ty5goj.exe
- <SYSTEM32>\ultqeylfhmciqw\cfg
- <SYSTEM32>\axaetkykq.exe
- %TEMP%\ebjvkeaf2khvgojvuizgri.exe
- <SYSTEM32>\ultqeylfhmciqw\tst
- <SYSTEM32>\csrjftdoynf.exe
- <SYSTEM32>\ultqeylfhmciqw\etc
- <SYSTEM32>\axaetkykq.exe
- <SYSTEM32>\csrjftdoynf.exe
- %WINDIR%\Temp\ebjvkeaf2ty5goj.exe
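- <DRIVERS>\etc\hosts (the Windows hosts file; the action taken on it is not stated here, so on an affected machine review the file for added or changed name-resolution entries)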
- %TEMP%\ebjvkeaf2khvgojvuizgri.exe
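- 'fo###half.net':80 (the '#' characters in this and the following host names are masking, not literal characters, so these entries are partial and cannot be matched verbatim in DNS or proxy logs)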
- 'af###name.net':80
- 'af###half.net':80
- 'st###late.net':80
- 'we###ate.net':80
- 'af###late.net':80
- 'fo###late.net':80
- 'fo###guide.net':80
- 'fo###name.net':80
- 'af###guide.net':80
- 'we###uide.net':80
- 'mo###late.net':80
- 'wa###ate.net':80
- 'wa###uide.net':80
- 'wa###ame.net':80
- 'mo###guide.net':80
- 'we###ame.net':80
- 'st###guide.net':80
- 'st###name.net':80
- 'st###half.net':80
- 'we###alf.net':80
- 'dr###late.net':80
- 'na###ate.net':80
- 'na###uide.net':80
- 'na###ame.net':80
- 'dr###guide.net':80
- 'qu###past.net':80
- 'fi###lady.net':80
- 'fi###past.net':80
- 'fi###wing.net':80
- 'qu###wing.net':80
- 'dr###name.net':80
- 'we####dayname.net':80
- 'se###uide.net':80
- 'se###ame.net':80
- 'se###alf.net':80
- 'we####dayhalf.net':80
- 'dr###half.net':80
- 'na###alf.net':80
- 'we####daylate.net':80
- 'we####dayguide.net':80
- 'se###ate.net':80
- 'na###nly.net':80
- 'fi###half.net':80
- 'dr###only.net':80
- 'dr###color.net':80
- 'na###olor.net':80
- 'fi###guide.net':80
- 'qu###guide.net':80
- 'qu###name.net':80
- 'qu###half.net':80
- 'fi###name.net':80
- 'na###igh.net':80
- 'de###lxc.com':80
- 'we####daycolor.net':80
- 'be##lxc.com':80
- 'ri###nstorm.net':80
- 'af###sllc.com':80
- 'na###eel.net':80
- 'dr###high.net':80
- 'dr###feel.net':80
- 'se###nly.net':80
- 'we####dayonly.net':80
- 'le###guide.net':80
- 'fa###uide.net':80
- 'fa###ame.net':80
- 'fa###alf.net':80
- 'le###name.net':80
- 'wa###alf.net':80
- 'mo###name.net':80
- 'mo###half.net':80
- 'le###late.net':80
- 'fa###ate.net':80
- 'le###half.net':80
- 'ga###alf.net':80
- 'bo###ame.net':80
- 'bo###alf.net':80
- 'fi###late.net':80
- 'qu###late.net':80
- 'bo###ate.net':80
- 'ga###ate.net':80
- 'ga###uide.net':80
- 'ga###ame.net':80
- 'bo###uide.net':80
- http://fo###half.net/index.php
- http://af###name.net/index.php
- http://af###half.net/index.php
- http://st###late.net/index.php
- http://we###ate.net/index.php
- http://af###late.net/index.php
- http://fo###late.net/index.php
- http://fo###guide.net/index.php
- http://fo###name.net/index.php
- http://af###guide.net/index.php
- http://we###uide.net/index.php
- http://mo###late.net/index.php
- http://wa###ate.net/index.php
- http://wa###uide.net/index.php
- http://wa###ame.net/index.php
- http://mo###guide.net/index.php
- http://we###ame.net/index.php
- http://st###guide.net/index.php
- http://st###name.net/index.php
- http://st###half.net/index.php
- http://we###alf.net/index.php
- http://dr###late.net/index.php
- http://na###ate.net/index.php
- http://na###uide.net/index.php
- http://na###ame.net/index.php
- http://dr###guide.net/index.php
- http://qu###past.net/index.php
- http://fi###lady.net/index.php
- http://fi###past.net/index.php
- http://fi###wing.net/index.php
- http://qu###wing.net/index.php
- http://dr###name.net/index.php
- http://we####dayname.net/index.php
- http://se###uide.net/index.php
- http://se###ame.net/index.php
- http://se###alf.net/index.php
- http://we####dayhalf.net/index.php
- http://dr###half.net/index.php
- http://na###alf.net/index.php
- http://we####daylate.net/index.php
- http://we####dayguide.net/index.php
- http://se###ate.net/index.php
- http://na###nly.net/index.php
- http://fi###half.net/index.php
- http://dr###only.net/index.php
- http://dr###color.net/index.php
- http://na###olor.net/index.php
- http://fi###guide.net/index.php
- http://qu###guide.net/index.php
- http://qu###name.net/index.php
- http://qu###half.net/index.php
- http://fi###name.net/index.php
- http://na###igh.net/index.php
- http://de###lxc.com/index.php
- http://we####daycolor.net/index.php
- http://be##lxc.com/index.php
- http://ri###nstorm.net/index.php
- http://af###sllc.com/index.php
- http://na###eel.net/index.php
- http://dr###high.net/index.php
- http://dr###feel.net/index.php
- http://se###nly.net/index.php
- http://we####dayonly.net/index.php
- http://le###guide.net/index.php
- http://fa###uide.net/index.php
- http://fa###ame.net/index.php
- http://fa###alf.net/index.php
- http://le###name.net/index.php
- http://wa###alf.net/index.php
- http://mo###name.net/index.php
- http://mo###half.net/index.php
- http://le###late.net/index.php
- http://fa###ate.net/index.php
- http://le###half.net/index.php
- http://ga###alf.net/index.php
- http://bo###ame.net/index.php
- http://bo###alf.net/index.php
- http://fi###late.net/index.php
- http://qu###late.net/index.php
- http://bo###ate.net/index.php
- http://ga###ate.net/index.php
- http://ga###uide.net/index.php
- http://ga###ame.net/index.php
- http://bo###uide.net/index.php
- DNS ASK fo###half.net
- DNS ASK af###name.net
- DNS ASK af###half.net
- DNS ASK st###late.net
- DNS ASK we###ate.net
- DNS ASK af###late.net
- DNS ASK fo###late.net
- DNS ASK fo###guide.net
- DNS ASK fo###name.net
- DNS ASK af###guide.net
- DNS ASK we###uide.net
- DNS ASK mo###late.net
- DNS ASK wa###ate.net
- DNS ASK wa###uide.net
- DNS ASK wa###ame.net
- DNS ASK mo###guide.net
- DNS ASK we###ame.net
- DNS ASK st###guide.net
- DNS ASK st###name.net
- DNS ASK st###half.net
- DNS ASK we###alf.net
- DNS ASK dr###late.net
- DNS ASK na###ate.net
- DNS ASK na###uide.net
- DNS ASK na###ame.net
- DNS ASK dr###guide.net
- DNS ASK qu###past.net
- DNS ASK fi###lady.net
- DNS ASK fi###past.net
- DNS ASK fi###wing.net
- DNS ASK qu###wing.net
- DNS ASK dr###name.net
- DNS ASK we####dayname.net
- DNS ASK se###uide.net
- DNS ASK se###ame.net
- DNS ASK se###alf.net
- DNS ASK we####dayhalf.net
- DNS ASK dr###half.net
- DNS ASK na###alf.net
- DNS ASK we####daylate.net
- DNS ASK we####dayguide.net
- DNS ASK se###ate.net
- DNS ASK mo###name.net
- DNS ASK dr###only.net
- DNS ASK na###nly.net
- DNS ASK na###olor.net
- DNS ASK na###igh.net
- DNS ASK dr###color.net
- DNS ASK qu###name.net
- DNS ASK fi###guide.net
- DNS ASK fi###name.net
- DNS ASK fi###half.net
- DNS ASK qu###half.net
- DNS ASK de###lxc.com
- DNS ASK we####daycolor.net
- DNS ASK be##lxc.com
- DNS ASK ri###nstorm.net
- DNS ASK af###sllc.com
- DNS ASK na###eel.net
- DNS ASK dr###high.net
- DNS ASK dr###feel.net
- DNS ASK se###nly.net
- DNS ASK we####dayonly.net
- DNS ASK qu###guide.net
- DNS ASK fa###ame.net
- DNS ASK le###guide.net
- DNS ASK le###name.net
- DNS ASK le###half.net
- DNS ASK fa###alf.net
- DNS ASK mo###half.net
- DNS ASK wa###alf.net
- DNS ASK fa###ate.net
- DNS ASK fa###uide.net
- DNS ASK le###late.net
- DNS ASK ga###alf.net
- DNS ASK bo###ame.net
- DNS ASK bo###alf.net
- DNS ASK fi###late.net
- DNS ASK qu###late.net
- DNS ASK bo###ate.net
- DNS ASK ga###ate.net
- DNS ASK ga###uide.net
- DNS ASK ga###ame.net
- DNS ASK bo###uide.net
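- '23#.#55.255.250':1900 (masked; the visible octets and port 1900 are consistent with the SSDP/UPnP multicast address 239.255.255.250, i.e. local-network discovery traffic rather than a remote server — confirm before treating it as an indicator)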