Technical Information
- [<HKLM>\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] 'Tracking Redirector IP Superfetch Panel' = '<SYSTEM32>\cfqivbwrzzy.exe'
- [<HKLM>\SYSTEM\ControlSet001\Services\Shadow Wired RPC Policy Coordinator] 'ImagePath' = '<SYSTEM32>\cfqivbwrzzy.exe'
- [<HKLM>\SYSTEM\ControlSet001\Services\Shadow Wired RPC Policy Coordinator] 'Start' = '00000002'
- Windows Security Center
- '<SYSTEM32>\fnffljcdpshe.exe' "<SYSTEM32>\cfqivbwrzzy.exe"
- '%WINDIR%\Temp\tiwd8v39yyokbwb.exe' -r 50540 tcp
- '%TEMP%\tiwd8v35cqokbwbkqnwfm.exe'
- '<SYSTEM32>\cfqivbwrzzy.exe'
- <SYSTEM32>\dxgnkgsym\run
- <SYSTEM32>\dxgnkgsym\rng
- %WINDIR%\Temp\tiwd8v39yyokbwb.exe
- <SYSTEM32>\dxgnkgsym\cfg
- <SYSTEM32>\fnffljcdpshe.exe
- %TEMP%\tiwd8v35cqokbwbkqnwfm.exe
- <SYSTEM32>\dxgnkgsym\tst
- <SYSTEM32>\cfqivbwrzzy.exe
- <SYSTEM32>\dxgnkgsym\etc
- <SYSTEM32>\fnffljcdpshe.exe
- <SYSTEM32>\cfqivbwrzzy.exe
- %WINDIR%\Temp\tiwd8v39yyokbwb.exe
- <DRIVERS>\etc\hosts
- %TEMP%\tiwd8v35cqokbwbkqnwfm.exe
- 'cl###hand.net':80
- 'da###and.net':80
- 'da###ound.net':80
- 'da###reen.net':80
- 'cl###sound.net':80
- 'mi###appy.net':80
- 'mi###ince.net':80
- 'tr###since.net':80
- 'tr###heat.net':80
- 'tr###happy.net':80
- 'mi###eat.net':80
- 'si###reen.net':80
- 'me###ound.net':80
- 'me###reen.net':80
- 'me###ift.net':80
- 'si###ift.net':80
- 'si###ound.net':80
- 'da###ift.net':80
- 'cl###green.net':80
- 'cl###lift.net':80
- 'me###and.net':80
- 'si###and.net':80
- 'th###since.net':80
- 'si###since.net':80
- 'si###heat.net':80
- 'si###happy.net':80
- 'th###heat.net':80
- 'th###page.net':80
- 'ca###eat.net':80
- 'he###eat.net':80
- 'he###appy.net':80
- 'si###page.net':80
- 'ca###appy.net':80
- 'du###appy.net':80
- 'wi###eat.net':80
- 'wi###appy.net':80
- 'mi###age.net':80
- 'tr###page.net':80
- 'du###eat.net':80
- 'du###age.net':80
- 'th###happy.net':80
- 'wi###age.net':80
- 'wi###ince.net':80
- 'du###ince.net':80
- 'mo###and.net':80
- 'si###lift.net':80
- 'th###green.net':80
- 'th###lift.net':80
- 'wi###and.net':80
- 'du###and.net':80
- 'si###green.net':80
- 'si###hand.net':80
- 'ca###ift.net':80
- 'th###hand.net':80
- 'th###sound.net':80
- 'si###sound.net':80
- 'de###lxc.com':80
- 'tr###hand.net':80
- 'be##lxc.com':80
- 'ri###nstorm.net':80
- 'af###sllc.com':80
- 'wi###ift.net':80
- 'wi###ound.net':80
- 'du###ound.net':80
- 'du###reen.net':80
- 'du###ift.net':80
- 'wi###reen.net':80
- 'th###and.net':80
- 'su###ylift.net':80
- 'qu###hand.net':80
- 'qu###sound.net':80
- 'th###ound.net':80
- 'mo###ift.net':80
- 'mo###ound.net':80
- 'su###yhand.net':80
- 'su###ysound.net':80
- 'su###ygreen.net':80
- 'mo###reen.net':80
- 'ca###ound.net':80
- 'he###ound.net':80
- 'he###reen.net':80
- 'he###ift.net':80
- 'ca###reen.net':80
- 'ca###and.net':80
- 'qu###green.net':80
- 'th###reen.net':80
- 'th###ift.net':80
- 'he###and.net':80
- 'qu###lift.net':80
- http://cl###hand.net/index.php
- http://da###and.net/index.php
- http://da###ound.net/index.php
- http://da###reen.net/index.php
- http://cl###sound.net/index.php
- http://mi###appy.net/index.php
- http://mi###ince.net/index.php
- http://tr###since.net/index.php
- http://tr###heat.net/index.php
- http://tr###happy.net/index.php
- http://mi###eat.net/index.php
- http://si###reen.net/index.php
- http://me###ound.net/index.php
- http://me###reen.net/index.php
- http://me###ift.net/index.php
- http://si###ift.net/index.php
- http://si###ound.net/index.php
- http://da###ift.net/index.php
- http://cl###green.net/index.php
- http://cl###lift.net/index.php
- http://me###and.net/index.php
- http://si###and.net/index.php
- http://th###since.net/index.php
- http://si###since.net/index.php
- http://si###heat.net/index.php
- http://si###happy.net/index.php
- http://th###heat.net/index.php
- http://th###page.net/index.php
- http://ca###eat.net/index.php
- http://he###eat.net/index.php
- http://he###appy.net/index.php
- http://si###page.net/index.php
- http://ca###appy.net/index.php
- http://du###appy.net/index.php
- http://wi###eat.net/index.php
- http://wi###appy.net/index.php
- http://mi###age.net/index.php
- http://tr###page.net/index.php
- http://du###eat.net/index.php
- http://du###age.net/index.php
- http://th###happy.net/index.php
- http://wi###age.net/index.php
- http://wi###ince.net/index.php
- http://du###ince.net/index.php
- http://mo###and.net/index.php
- http://si###lift.net/index.php
- http://th###green.net/index.php
- http://th###lift.net/index.php
- http://wi###and.net/index.php
- http://du###and.net/index.php
- http://si###green.net/index.php
- http://si###hand.net/index.php
- http://ca###ift.net/index.php
- http://th###hand.net/index.php
- http://th###sound.net/index.php
- http://si###sound.net/index.php
- http://de###lxc.com/index.php
- http://tr###hand.net/index.php
- http://be##lxc.com/index.php
- http://ri###nstorm.net/index.php
- http://af###sllc.com/index.php
- http://wi###ift.net/index.php
- http://wi###ound.net/index.php
- http://du###ound.net/index.php
- http://du###reen.net/index.php
- http://du###ift.net/index.php
- http://wi###reen.net/index.php
- http://th###and.net/index.php
- http://su###ylift.net/index.php
- http://qu###hand.net/index.php
- http://qu###sound.net/index.php
- http://th###ound.net/index.php
- http://mo###ift.net/index.php
- http://mo###ound.net/index.php
- http://su###yhand.net/index.php
- http://su###ysound.net/index.php
- http://su###ygreen.net/index.php
- http://mo###reen.net/index.php
- http://ca###ound.net/index.php
- http://he###ound.net/index.php
- http://he###reen.net/index.php
- http://he###ift.net/index.php
- http://ca###reen.net/index.php
- http://ca###and.net/index.php
- http://qu###green.net/index.php
- http://th###reen.net/index.php
- http://th###ift.net/index.php
- http://he###and.net/index.php
- http://qu###lift.net/index.php
- DNS ASK da###ound.net
- DNS ASK cl###hand.net
- DNS ASK cl###sound.net
- DNS ASK cl###green.net
- DNS ASK da###reen.net
- DNS ASK da###and.net
- DNS ASK tr###heat.net
- DNS ASK mi###ince.net
- DNS ASK mi###eat.net
- DNS ASK mi###appy.net
- DNS ASK tr###happy.net
- DNS ASK me###reen.net
- DNS ASK si###reen.net
- DNS ASK si###ift.net
- DNS ASK mo###and.net
- DNS ASK me###ift.net
- DNS ASK me###ound.net
- DNS ASK cl###lift.net
- DNS ASK da###ift.net
- DNS ASK si###and.net
- DNS ASK si###ound.net
- DNS ASK me###and.net
- DNS ASK tr###since.net
- DNS ASK th###since.net
- DNS ASK si###since.net
- DNS ASK si###heat.net
- DNS ASK si###happy.net
- DNS ASK th###heat.net
- DNS ASK th###page.net
- DNS ASK ca###eat.net
- DNS ASK he###eat.net
- DNS ASK he###appy.net
- DNS ASK si###page.net
- DNS ASK ca###appy.net
- DNS ASK du###appy.net
- DNS ASK wi###eat.net
- DNS ASK wi###appy.net
- DNS ASK mi###age.net
- DNS ASK tr###page.net
- DNS ASK du###eat.net
- DNS ASK du###age.net
- DNS ASK th###happy.net
- DNS ASK wi###age.net
- DNS ASK wi###ince.net
- DNS ASK du###ince.net
- DNS ASK si###lift.net
- DNS ASK th###green.net
- DNS ASK th###lift.net
- DNS ASK wi###and.net
- DNS ASK du###and.net
- DNS ASK si###green.net
- DNS ASK si###hand.net
- DNS ASK ca###ift.net
- DNS ASK th###hand.net
- DNS ASK th###sound.net
- DNS ASK si###sound.net
- DNS ASK de###lxc.com
- DNS ASK tr###hand.net
- DNS ASK be##lxc.com
- DNS ASK ri###nstorm.net
- DNS ASK af###sllc.com
- DNS ASK wi###ift.net
- DNS ASK wi###ound.net
- DNS ASK du###ound.net
- DNS ASK du###reen.net
- DNS ASK du###ift.net
- DNS ASK wi###reen.net
- DNS ASK th###and.net
- DNS ASK su###ylift.net
- DNS ASK qu###hand.net
- DNS ASK qu###sound.net
- DNS ASK th###ound.net
- DNS ASK mo###ift.net
- DNS ASK mo###ound.net
- DNS ASK su###yhand.net
- DNS ASK su###ysound.net
- DNS ASK su###ygreen.net
- DNS ASK mo###reen.net
- DNS ASK ca###ound.net
- DNS ASK he###ound.net
- DNS ASK he###reen.net
- DNS ASK he###ift.net
- DNS ASK ca###reen.net
- DNS ASK ca###and.net
- DNS ASK qu###green.net
- DNS ASK th###reen.net
- DNS ASK th###ift.net
- DNS ASK he###and.net
- DNS ASK qu###lift.net
- '23#.#55.255.250':1900