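Technical Information

The entries below are the registry values, process launches, file paths and network endpoints recorded for the sample. The sub-headings that originally grouped them are missing from this page; a path that appears more than once presumably belonged to more than one of those groups. Host names are partially masked with '#', so they cannot be used as exact-match indicators as written. <HKLM>, <SYSTEM32> and <DRIVERS> are placeholders for the registry hive and the system directories.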
- [<HKLM>\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] 'Adaptive BranchCache Card Solutions' = '<SYSTEM32>\qsxhglfgnzg.exe'
- [<HKLM>\SYSTEM\ControlSet001\Services\iSCSI Acquisition RPC Protected Networking] 'ImagePath' = '<SYSTEM32>\qsxhglfgnzg.exe'
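- [<HKLM>\SYSTEM\ControlSet001\Services\iSCSI Acquisition RPC Protected Networking] 'Start' = '00000002' (start type 2 = automatic: the service is started at boot, giving the same executable a second persistence point alongside the Run value)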
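- Windows Security Center (the heading for this entry is missing here; it presumably names a system feature the sample interferes with — confirm against the original report)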
- '<SYSTEM32>\intexwwhxknc.exe' "<SYSTEM32>\qsxhglfgnzg.exe"
- '%WINDIR%\Temp\oohv6ks2rsgbksf.exe' -r 21895 tcp
- '%TEMP%\oohv6ks2k0ibksfqdhclxwy.exe'
- '<SYSTEM32>\qsxhglfgnzg.exe'
- <SYSTEM32>\ewkpwkxkeb\run
- <SYSTEM32>\ewkpwkxkeb\rng
- %WINDIR%\Temp\oohv6ks2rsgbksf.exe
- <SYSTEM32>\ewkpwkxkeb\cfg
- <SYSTEM32>\intexwwhxknc.exe
- %TEMP%\oohv6ks2k0ibksfqdhclxwy.exe
- <SYSTEM32>\ewkpwkxkeb\tst
- <SYSTEM32>\qsxhglfgnzg.exe
- <SYSTEM32>\ewkpwkxkeb\etc
- <SYSTEM32>\intexwwhxknc.exe
- <SYSTEM32>\qsxhglfgnzg.exe
- %WINDIR%\Temp\oohv6ks2rsgbksf.exe
- <DRIVERS>\etc\hosts
- %TEMP%\oohv6ks2k0ibksfqdhclxwy.exe
- 'se###tand.net':80
- 'we####daystand.net':80
- 'we####daysugar.net':80
- 'we####daypass.net':80
- 'se###ugar.net':80
- 'na###ass.net':80
- 'dr###sugar.net':80
- 'dr###pass.net':80
- 'dr###again.net':80
- 'na###gain.net':80
- 'se###ass.net':80
- 'fo###pass.net':80
- 'af###sugar.net':80
- 'af###pass.net':80
- 'af###again.net':80
- 'fo###again.net':80
- 'se###gain.net':80
- 'we####dayagain.net':80
- 'fo###stand.net':80
- 'fo###sugar.net':80
- 'af###stand.net':80
- 'na###ugar.net':80
- 'wh###grown.net':80
- 'sa###rown.net':80
- 'sa###lain.net':80
- 'sa###tep.net':80
- 'wh###plain.net':80
- 'ba###tep.net':80
- 'st###plain.net':80
- 'st###step.net':80
- 'wh###black.net':80
- 'sa###lack.net':80
- 'wh###step.net':80
- 'so###tep.net':80
- 'lo###lain.net':80
- 'lo###tep.net':80
- 'dr###stand.net':80
- 'na###tand.net':80
- 'lo###lack.net':80
- 'so###lack.net':80
- 'so###rown.net':80
- 'so###lain.net':80
- 'lo###rown.net':80
- 'we###tand.net':80
- 'bo###ass.net':80
- 'ga###ass.net':80
- 'ga###gain.net':80
- 'qu###stand.net':80
- 'bo###gain.net':80
- 'ga###tand.net':80
- 'le###again.net':80
- 'bo###tand.net':80
- 'bo###ugar.net':80
- 'ga###ugar.net':80
- 'fi###stand.net':80
- 'de###lxc.com':80
- 'fi###again.net':80
- 'be##lxc.com':80
- 'ri###nstorm.net':80
- 'af###sllc.com':80
- 'fi###sugar.net':80
- 'qu###sugar.net':80
- 'qu###pass.net':80
- 'qu###again.net':80
- 'fi###pass.net':80
- 'fa###gain.net':80
- 'st###again.net':80
- 'we###gain.net':80
- 'wa###tand.net':80
- 'wa###ugar.net':80
- 'mo###stand.net':80
- 'we###ugar.net':80
- 'st###stand.net':80
- 'st###sugar.net':80
- 'st###pass.net':80
- 'we###ass.net':80
- 'mo###sugar.net':80
- 'fa###ugar.net':80
- 'le###stand.net':80
- 'le###sugar.net':80
- 'le###pass.net':80
- 'fa###ass.net':80
- 'mo###pass.net':80
- 'wa###ass.net':80
- 'wa###gain.net':80
- 'fa###tand.net':80
- 'mo###again.net':80
- http://se###tand.net/index.php
- http://we####daystand.net/index.php
- http://we####daysugar.net/index.php
- http://we####daypass.net/index.php
- http://se###ugar.net/index.php
- http://na###ass.net/index.php
- http://dr###sugar.net/index.php
- http://dr###pass.net/index.php
- http://dr###again.net/index.php
- http://na###gain.net/index.php
- http://se###ass.net/index.php
- http://fo###pass.net/index.php
- http://af###sugar.net/index.php
- http://af###pass.net/index.php
- http://af###again.net/index.php
- http://fo###again.net/index.php
- http://se###gain.net/index.php
- http://we####dayagain.net/index.php
- http://fo###stand.net/index.php
- http://fo###sugar.net/index.php
- http://af###stand.net/index.php
- http://na###ugar.net/index.php
- http://wh###grown.net/index.php
- http://sa###rown.net/index.php
- http://sa###lain.net/index.php
- http://sa###tep.net/index.php
- http://wh###plain.net/index.php
- http://ba###tep.net/index.php
- http://st###plain.net/index.php
- http://st###step.net/index.php
- http://wh###black.net/index.php
- http://sa###lack.net/index.php
- http://wh###step.net/index.php
- http://so###tep.net/index.php
- http://lo###lain.net/index.php
- http://lo###tep.net/index.php
- http://dr###stand.net/index.php
- http://na###tand.net/index.php
- http://lo###lack.net/index.php
- http://so###lack.net/index.php
- http://so###rown.net/index.php
- http://so###lain.net/index.php
- http://lo###rown.net/index.php
- http://we###tand.net/index.php
- http://bo###ass.net/index.php
- http://ga###ass.net/index.php
- http://ga###gain.net/index.php
- http://qu###stand.net/index.php
- http://bo###gain.net/index.php
- http://ga###tand.net/index.php
- http://le###again.net/index.php
- http://bo###tand.net/index.php
- http://bo###ugar.net/index.php
- http://ga###ugar.net/index.php
- http://fi###stand.net/index.php
- http://de###lxc.com/index.php
- http://fi###again.net/index.php
- http://be##lxc.com/index.php
- http://ri###nstorm.net/index.php
- http://af###sllc.com/index.php
- http://fi###sugar.net/index.php
- http://qu###sugar.net/index.php
- http://qu###pass.net/index.php
- http://qu###again.net/index.php
- http://fi###pass.net/index.php
- http://fa###gain.net/index.php
- http://st###again.net/index.php
- http://we###gain.net/index.php
- http://wa###tand.net/index.php
- http://wa###ugar.net/index.php
- http://mo###stand.net/index.php
- http://we###ugar.net/index.php
- http://st###stand.net/index.php
- http://st###sugar.net/index.php
- http://st###pass.net/index.php
- http://we###ass.net/index.php
- http://mo###sugar.net/index.php
- http://fa###ugar.net/index.php
- http://le###stand.net/index.php
- http://le###sugar.net/index.php
- http://le###pass.net/index.php
- http://fa###ass.net/index.php
- http://mo###pass.net/index.php
- http://wa###ass.net/index.php
- http://wa###gain.net/index.php
- http://fa###tand.net/index.php
- http://mo###again.net/index.php
- DNS ASK se###tand.net
- DNS ASK we####daystand.net
- DNS ASK we####daysugar.net
- DNS ASK we####daypass.net
- DNS ASK se###ugar.net
- DNS ASK dr###again.net
- DNS ASK dr###sugar.net
- DNS ASK na###ugar.net
- DNS ASK na###ass.net
- DNS ASK na###gain.net
- DNS ASK dr###pass.net
- DNS ASK fo###pass.net
- DNS ASK af###sugar.net
- DNS ASK af###pass.net
- DNS ASK af###again.net
- DNS ASK fo###again.net
- DNS ASK fo###sugar.net
- DNS ASK we####dayagain.net
- DNS ASK se###ass.net
- DNS ASK se###gain.net
- DNS ASK af###stand.net
- DNS ASK fo###stand.net
- DNS ASK wh###grown.net
- DNS ASK sa###rown.net
- DNS ASK sa###lain.net
- DNS ASK sa###tep.net
- DNS ASK wh###plain.net
- DNS ASK wh###black.net
- DNS ASK st###plain.net
- DNS ASK ba###lain.net
- DNS ASK ba###tep.net
- DNS ASK sa###lack.net
- DNS ASK st###step.net
- DNS ASK so###tep.net
- DNS ASK lo###lain.net
- DNS ASK lo###tep.net
- DNS ASK dr###stand.net
- DNS ASK na###tand.net
- DNS ASK so###lain.net
- DNS ASK so###lack.net
- DNS ASK wh###step.net
- DNS ASK lo###lack.net
- DNS ASK lo###rown.net
- DNS ASK so###rown.net
- DNS ASK we###tand.net
- DNS ASK bo###ass.net
- DNS ASK ga###ass.net
- DNS ASK ga###gain.net
- DNS ASK qu###stand.net
- DNS ASK bo###gain.net
- DNS ASK ga###tand.net
- DNS ASK le###again.net
- DNS ASK bo###tand.net
- DNS ASK bo###ugar.net
- DNS ASK ga###ugar.net
- DNS ASK fi###stand.net
- DNS ASK de###lxc.com
- DNS ASK fi###again.net
- DNS ASK be##lxc.com
- DNS ASK ri###nstorm.net
- DNS ASK af###sllc.com
- DNS ASK fi###sugar.net
- DNS ASK qu###sugar.net
- DNS ASK qu###pass.net
- DNS ASK qu###again.net
- DNS ASK fi###pass.net
- DNS ASK fa###gain.net
- DNS ASK st###again.net
- DNS ASK we###gain.net
- DNS ASK wa###tand.net
- DNS ASK wa###ugar.net
- DNS ASK mo###stand.net
- DNS ASK we###ugar.net
- DNS ASK st###stand.net
- DNS ASK st###sugar.net
- DNS ASK st###pass.net
- DNS ASK we###ass.net
- DNS ASK mo###sugar.net
- DNS ASK fa###ugar.net
- DNS ASK le###stand.net
- DNS ASK le###sugar.net
- DNS ASK le###pass.net
- DNS ASK fa###ass.net
- DNS ASK mo###pass.net
- DNS ASK wa###ass.net
- DNS ASK wa###gain.net
- DNS ASK fa###tand.net
- DNS ASK mo###again.net
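- '23#.#55.255.250':1900 (masked; port 1900 and the visible octets are consistent with the SSDP multicast address 239.255.255.250, i.e. local UPnP discovery rather than a remote server — confirm before treating it as an indicator)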