Technical Information
Registry (persistence: a Run key entry plus a service registration; 'Start' = 2 is SERVICE_AUTO_START, so the service launches at boot):
- [<HKLM>\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] 'Protocol Netlogon Storage Spooler Log' = '<SYSTEM32>\aisatgyjnevk.exe'
- [<HKLM>\SYSTEM\ControlSet001\Services\AutoConnect Awareness Agent Profile] 'ImagePath' = '<SYSTEM32>\aisatgyjnevk.exe'
- [<HKLM>\SYSTEM\ControlSet001\Services\AutoConnect Awareness Agent Profile] 'Start' = '00000002'
- Windows Security Center
Launched processes:
- '<SYSTEM32>\vxqzdtbodwg.exe' "<SYSTEM32>\aisatgyjnevk.exe"
- '%WINDIR%\Temp\d1ddyeo2wf4veko.exe' -r 41288 tcp
- '%TEMP%\d1ddyeo2ry3vekofnhxpsz.exe'
- '<SYSTEM32>\aisatgyjnevk.exe'
Files:
- <SYSTEM32>\cdfjixegne\run
- <SYSTEM32>\cdfjixegne\rng
- %WINDIR%\Temp\d1ddyeo2wf4veko.exe
- <SYSTEM32>\cdfjixegne\cfg
- <SYSTEM32>\vxqzdtbodwg.exe
- %TEMP%\d1ddyeo2ry3vekofnhxpsz.exe
- <SYSTEM32>\cdfjixegne\tst
- <SYSTEM32>\aisatgyjnevk.exe
- <SYSTEM32>\cdfjixegne\etc
- <SYSTEM32>\vxqzdtbodwg.exe
- <SYSTEM32>\aisatgyjnevk.exe
- %WINDIR%\Temp\d1ddyeo2wf4veko.exe
- <DRIVERS>\etc\hosts
- %TEMP%\d1ddyeo2ry3vekofnhxpsz.exe
TCP connections:
- 'wa###orm.net':80
- 'mo###agree.net':80
- 'mo###form.net':80
- 'le###word.net':80
- 'fa###ord.net':80
- 'wa###gree.net':80
- 'wa###ord.net':80
- 'st###form.net':80
- 'mo###word.net':80
- 'mo###touch.net':80
- 'wa###ouch.net':80
- 'ga###ouch.net':80
- 'bo###ord.net':80
- 'bo###ouch.net':80
- 'bo###gree.net':80
- 'ga###gree.net':80
- 'ga###ord.net':80
- 'le###touch.net':80
- 'fa###ouch.net':80
- 'fa###gree.net':80
- 'fa###orm.net':80
- 'le###agree.net':80
- 'we###orm.net':80
- 'se###orm.net':80
- 'we####dayform.net':80
- 'fo###word.net':80
- 'fo###touch.net':80
- 'af###word.net':80
- 'se###gree.net':80
- 'se###ord.net':80
- 'we####dayword.net':80
- 'we####daytouch.net':80
- 'we####dayagree.net':80
- 'se###ouch.net':80
- 'we###ouch.net':80
- 'st###word.net':80
- 'st###touch.net':80
- 'st###agree.net':80
- 'we###gree.net':80
- 'we###ord.net':80
- 'fo###agree.net':80
- 'af###touch.net':80
- 'af###agree.net':80
- 'af###form.net':80
- 'fo###form.net':80
- 'ga###orm.net':80
- 'af###plain.net':80
- 'fo###plain.net':80
- 'fo###step.net':80
- 'we###lack.net':80
- 'af###step.net':80
- 'af###grown.net':80
- 'se###tep.net':80
- 'we####daystep.net':80
- 'fo###black.net':80
- 'fo###grown.net':80
- 'af###black.net':80
- 'mi###hown.net':80
- 'ab###ell.net':80
- 'mo###ugust.net':80
- 'cr#####onaraminta.net':80
- 'le###form.net':80
- 'mo###olor.net':80
- 'ri###nstorm.net':80
- 'be##lxc.com':80
- 'al###being.net':80
- 'pr####tbottom.net':80
- 'ca####nbring.net':80
- 'se###lain.net':80
- 'qu###form.net':80
- 'fi###agree.net':80
- 'fi###form.net':80
- 'dr###black.net':80
- 'na###lack.net':80
- 'qu###agree.net':80
- 'qu###word.net':80
- 'bo###orm.net':80
- 'fi###word.net':80
- 'fi###touch.net':80
- 'qu###touch.net':80
- 'se###lack.net':80
- 'we####dayblack.net':80
- 'we####daygrown.net':80
- 'we####dayplain.net':80
- 'se###rown.net':80
- 'dr###step.net':80
- 'dr###grown.net':80
- 'na###rown.net':80
- 'na###lain.net':80
- 'na###tep.net':80
- 'dr###plain.net':80
HTTP GET requests:
- http://wa###orm.net/index.php
- http://mo###agree.net/index.php
- http://mo###form.net/index.php
- http://le###word.net/index.php
- http://fa###ord.net/index.php
- http://wa###gree.net/index.php
- http://wa###ord.net/index.php
- http://st###form.net/index.php
- http://mo###word.net/index.php
- http://mo###touch.net/index.php
- http://wa###ouch.net/index.php
- http://ga###ouch.net/index.php
- http://bo###ord.net/index.php
- http://bo###ouch.net/index.php
- http://bo###gree.net/index.php
- http://ga###gree.net/index.php
- http://ga###ord.net/index.php
- http://le###touch.net/index.php
- http://fa###ouch.net/index.php
- http://fa###gree.net/index.php
- http://fa###orm.net/index.php
- http://le###agree.net/index.php
- http://we###orm.net/index.php
- http://se###orm.net/index.php
- http://we####dayform.net/index.php
- http://fo###word.net/index.php
- http://fo###touch.net/index.php
- http://af###word.net/index.php
- http://se###gree.net/index.php
- http://se###ord.net/index.php
- http://we####dayword.net/index.php
- http://we####daytouch.net/index.php
- http://we####dayagree.net/index.php
- http://se###ouch.net/index.php
- http://we###ouch.net/index.php
- http://st###word.net/index.php
- http://st###touch.net/index.php
- http://st###agree.net/index.php
- http://we###gree.net/index.php
- http://we###ord.net/index.php
- http://fo###agree.net/index.php
- http://af###touch.net/index.php
- http://af###agree.net/index.php
- http://af###form.net/index.php
- http://fo###form.net/index.php
- http://ga###orm.net/index.php
- http://af###plain.net/index.php
- http://fo###plain.net/index.php
- http://fo###step.net/index.php
- http://we###lack.net/index.php
- http://af###step.net/index.php
- http://af###grown.net/index.php
- http://se###tep.net/index.php
- http://we####daystep.net/index.php
- http://fo###black.net/index.php
- http://fo###grown.net/index.php
- http://af###black.net/index.php
- http://mi###hown.net/index.php
- http://ab###ell.net/index.php
- http://mo###ugust.net/index.php
- http://cr#####onaraminta.net/index.php
- http://le###form.net/index.php
- http://mo###olor.net/index.php
- http://ri###nstorm.net/index.php
- http://be##lxc.com/index.php
- http://al###being.net/index.php
- http://pr####tbottom.net/index.php
- http://ca####nbring.net/index.php
- http://se###lain.net/index.php
- http://qu###form.net/index.php
- http://fi###agree.net/index.php
- http://fi###form.net/index.php
- http://dr###black.net/index.php
- http://na###lack.net/index.php
- http://qu###agree.net/index.php
- http://qu###word.net/index.php
- http://bo###orm.net/index.php
- http://fi###word.net/index.php
- http://fi###touch.net/index.php
- http://qu###touch.net/index.php
- http://se###lack.net/index.php
- http://we####dayblack.net/index.php
- http://we####daygrown.net/index.php
- http://we####dayplain.net/index.php
- http://se###rown.net/index.php
- http://dr###step.net/index.php
- http://dr###grown.net/index.php
- http://na###rown.net/index.php
- http://na###lain.net/index.php
- http://na###tep.net/index.php
- http://dr###plain.net/index.php
DNS queries:
- DNS ASK wa###orm.net
- DNS ASK mo###agree.net
- DNS ASK mo###form.net
- DNS ASK le###word.net
- DNS ASK fa###ord.net
- DNS ASK wa###gree.net
- DNS ASK wa###ord.net
- DNS ASK st###form.net
- DNS ASK mo###word.net
- DNS ASK mo###touch.net
- DNS ASK wa###ouch.net
- DNS ASK fa###ouch.net
- DNS ASK bo###ouch.net
- DNS ASK ga###ouch.net
- DNS ASK ga###gree.net
- DNS ASK ga###orm.net
- DNS ASK bo###gree.net
- DNS ASK bo###ord.net
- DNS ASK fa###gree.net
- DNS ASK le###touch.net
- DNS ASK le###agree.net
- DNS ASK ga###ord.net
- DNS ASK fa###orm.net
- DNS ASK se###orm.net
- DNS ASK we####dayform.net
- DNS ASK fo###word.net
- DNS ASK fo###touch.net
- DNS ASK af###word.net
- DNS ASK se###gree.net
- DNS ASK se###ord.net
- DNS ASK we####dayword.net
- DNS ASK we####daytouch.net
- DNS ASK we####dayagree.net
- DNS ASK se###ouch.net
- DNS ASK af###touch.net
- DNS ASK st###touch.net
- DNS ASK we###ouch.net
- DNS ASK we###gree.net
- DNS ASK we###orm.net
- DNS ASK st###agree.net
- DNS ASK st###word.net
- DNS ASK af###agree.net
- DNS ASK fo###agree.net
- DNS ASK fo###form.net
- DNS ASK we###ord.net
- DNS ASK af###form.net
- DNS ASK af###plain.net
- DNS ASK fo###plain.net
- DNS ASK fo###step.net
- DNS ASK we###lack.net
- DNS ASK af###step.net
- DNS ASK af###grown.net
- DNS ASK se###tep.net
- DNS ASK we####daystep.net
- DNS ASK fo###black.net
- DNS ASK fo###grown.net
- DNS ASK af###black.net
- DNS ASK mi###hown.net
- DNS ASK ab###ell.net
- DNS ASK mo###ugust.net
- DNS ASK cr#####onaraminta.net
- DNS ASK le###form.net
- DNS ASK mo###olor.net
- DNS ASK ri###nstorm.net
- DNS ASK be##lxc.com
- DNS ASK al###being.net
- DNS ASK pr####tbottom.net
- DNS ASK ca####nbring.net
- DNS ASK se###lain.net
- DNS ASK qu###form.net
- DNS ASK fi###agree.net
- DNS ASK fi###form.net
- DNS ASK dr###black.net
- DNS ASK na###lack.net
- DNS ASK qu###agree.net
- DNS ASK qu###word.net
- DNS ASK bo###orm.net
- DNS ASK fi###word.net
- DNS ASK fi###touch.net
- DNS ASK qu###touch.net
- DNS ASK se###lack.net
- DNS ASK we####dayblack.net
- DNS ASK we####daygrown.net
- DNS ASK we####dayplain.net
- DNS ASK se###rown.net
- DNS ASK dr###step.net
- DNS ASK dr###grown.net
- DNS ASK na###rown.net
- DNS ASK na###lain.net
- DNS ASK na###tep.net
- DNS ASK dr###plain.net
UDP:
- '23#.#55.255.250':1900
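The three network lists above show one pattern: a burst of lookups for many distinct .net hosts whose names end in a dictionary word (form, agree, word, touch, plain, step, black, grown are the ones left unmasked), each followed by GET /index.php on port 80. The following Python detector is an added example, not part of the original report, that applies that pattern to log lines. The log format ("<iso-time> <client> <DNS|HTTP> <detail>"), the client addresses, the 60-second window and the thresholds are assumptions; the sample lines are constructed from the report's own masked host names, with the report's '#' masking kept verbatim. It generalizes beyond this sample in that it scores any client in the log, not just the one host the report describes.

```python
"""Flag clients that burst through dictionary-style .net domains and fetch /index.php.

Added example; the log format, clients and thresholds are assumptions.
"""
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Second-word suffixes that appear unmasked in the report's host list.
SUFFIX_WORDS = ("form", "agree", "word", "touch", "plain", "step", "black", "grown")
# '#' is the report's masking character; it is allowed in the label only so
# the masked names from the report can be used verbatim as sample input.
DICT_DOMAIN = re.compile(r"^[a-z0-9#-]+(?:" + "|".join(SUFFIX_WORDS) + r")\.net$")
HTTP_GET = re.compile(r"^GET http://([^/\s]+)(/\S*)$")

WINDOW = timedelta(seconds=60)   # assumed burst window
MIN_DISTINCT = 10                # assumed: distinct domains per client in WINDOW

# Constructed sample log, one event per line: "<iso-time> <client> <DNS|HTTP> <detail>".
SAMPLE_LOG = """\
2024-01-01T10:00:00 10.0.0.5 DNS wa###orm.net
2024-01-01T10:00:00 10.0.0.5 HTTP GET http://wa###orm.net/index.php
2024-01-01T10:00:01 10.0.0.5 DNS mo###agree.net
2024-01-01T10:00:01 10.0.0.5 HTTP GET http://mo###agree.net/index.php
2024-01-01T10:00:02 10.0.0.5 DNS mo###form.net
2024-01-01T10:00:02 10.0.0.5 HTTP GET http://mo###form.net/index.php
2024-01-01T10:00:03 10.0.0.5 DNS le###word.net
2024-01-01T10:00:03 10.0.0.5 HTTP GET http://le###word.net/index.php
2024-01-01T10:00:04 10.0.0.5 DNS fa###ord.net
2024-01-01T10:00:04 10.0.0.5 HTTP GET http://fa###ord.net/index.php
2024-01-01T10:00:05 10.0.0.5 DNS wa###gree.net
2024-01-01T10:00:06 10.0.0.5 DNS wa###ord.net
2024-01-01T10:00:07 10.0.0.5 DNS st###form.net
2024-01-01T10:00:08 10.0.0.5 DNS mo###word.net
2024-01-01T10:00:09 10.0.0.5 DNS mo###touch.net
2024-01-01T10:00:03 10.0.0.7 DNS www.example.com
2024-01-01T10:00:03 10.0.0.7 HTTP GET http://www.example.com/index.php
2024-01-01T10:00:04 10.0.0.7 DNS update.example.net
"""


def parse(log_text):
    """Yield (timestamp, client, kind, detail) tuples from the simple log format."""
    for line in log_text.splitlines():
        if line.strip():
            ts, client, kind, detail = line.split(" ", 3)
            yield datetime.fromisoformat(ts), client, kind, detail


def registered_domain(host):
    """Reduce a hostname to its last two labels (sufficient for .net/.com here)."""
    return ".".join(host.lower().rstrip(".").split(".")[-2:])


def peak_distinct(lookups):
    """Largest number of distinct domains one client queried inside any WINDOW."""
    lookups = sorted(lookups)
    best, start, live = 0, 0, defaultdict(int)
    for ts, domain in lookups:
        live[domain] += 1
        while ts - lookups[start][0] > WINDOW:   # slide the window forward
            old = lookups[start][1]
            live[old] -= 1
            if live[old] == 0:
                del live[old]
            start += 1
        best = max(best, len(live))
    return best


def analyze(log_text):
    """Per-client summary; 'suspicious' needs a burst plus dictionary or beacon hits."""
    dns = defaultdict(list)     # client -> [(ts, domain)]
    beacons = defaultdict(set)  # client -> domains fetched with GET /index.php
    for ts, client, kind, detail in parse(log_text):
        if kind == "DNS":
            dns[client].append((ts, registered_domain(detail)))
        elif kind == "HTTP":
            m = HTTP_GET.match(detail)
            if m and m.group(2) == "/index.php":
                beacons[client].add(registered_domain(m.group(1)))
    report = {}
    for client in sorted(set(dns) | set(beacons)):
        domains = {d for _, d in dns[client]}
        dict_hits = {d for d in domains if DICT_DOMAIN.match(d)}
        hits = beacons[client] & domains
        peak = peak_distinct(dns[client])
        report[client] = {
            "distinct_domains": len(domains),
            "peak_in_window": peak,
            "dictionary_hits": len(dict_hits),
            "index_php_beacons": len(hits),
            "suspicious": peak >= MIN_DISTINCT
            and len(dict_hits | hits) >= MIN_DISTINCT // 2,
        }
    return report


if __name__ == "__main__":
    for client, summary in analyze(SAMPLE_LOG).items():
        print(client, summary)
```

The burst count is the primary signal because the word list will never be complete (most suffixes in the report are partly masked, and a fresh sample would rotate the dictionary); the suffix match and the GET /index.php hits only raise confidence. On the constructed sample, 10.0.0.5 queries ten distinct domains in ten seconds, six of them with a listed suffix, and fetches /index.php from five, so it is flagged; 10.0.0.7 is not.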