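Technical Information
Note: the `#` characters in the host names, URLs and IP address below mask part of each value, so those entries are partial patterns rather than complete indicators. `<HKLM>`, `<SYSTEM32>` and `<DRIVERS>` are placeholders for the registry hive and system directories. The group labels of the original listing appear to be missing, which is why some file paths are listed more than once.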
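- [<HKLM>\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] 'Input Link-Layer Portable CNG' = '<SYSTEM32>\iyokvbclftg.exe'
  (autorun entry: a value under the HKLM Run key is launched at every user logon)
- [<HKLM>\SYSTEM\ControlSet001\Services\Disk Health Quality Background Collector] 'Start' = '00000002'
  (service start type 2 = automatic start at boot)
  (the value name, service name and executable names look generated and may differ between infections, so match on the registry locations and behaviour rather than on these exact names)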
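- Windows Security Center (the label for this entry is missing on this page; presumably it names a system feature the sample interferes with, so confirm against the original report)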
- '<SYSTEM32>\eaydltatnna.exe' "<SYSTEM32>\iyokvbclftg.exe"
- '%WINDIR%\Temp\npqgkqkj391zre.exe' -r 22606 tcp
- '%TEMP%\npqgkqkj352bref1wgjuvt.exe'
- '<SYSTEM32>\iyokvbclftg.exe'
- <SYSTEM32>\qjuhqkeoa\run
- <SYSTEM32>\qjuhqkeoa\rng
- <SYSTEM32>\qjuhqkeoa\cfg
- <SYSTEM32>\qjuhqkeoa\por
- %WINDIR%\Temp\npqgkqkj391zre.exe
- %TEMP%\npqgkqkj352bref1wgjuvt.exe
- <SYSTEM32>\qjuhqkeoa\tst
- <SYSTEM32>\qjuhqkeoa\etc
- <SYSTEM32>\eaydltatnna.exe
- <SYSTEM32>\iyokvbclftg.exe
- <SYSTEM32>\eaydltatnna.exe
- <SYSTEM32>\iyokvbclftg.exe
- %WINDIR%\Temp\npqgkqkj391zre.exe
- %TEMP%\npqgkqkj352bref1wgjuvt.exe
- <DRIVERS>\etc\hosts
- 'lo###rain.net':80
- 'fe###old.net':80
- 'lo###old.net':80
- 'fe###rain.net':80
- 'lo###ome.net':80
- 'fe###ver.net':80
- 'lo###ver.net':80
- 'th###home.net':80
- 'wi###ome.net':80
- 'dr###over.net':80
- 'wi###ver.net':80
- 'dr###home.net':80
- 'th###over.net':80
- 'th###grain.net':80
- 'th###gold.net':80
- 'fe###ome.net':80
- 'ge####friend.net':80
- 'gl###health.net':80
- 'ne####arydress.net':80
- 're####eneither.net':80
- 'st###march.net':80
- 'ta###fruit.net':80
- 'mi####lossary.net':80
- 're####erpaint.net':80
- 'wh###rain.net':80
- 'hi###old.net':80
- 'wh###old.net':80
- 'hi###rain.net':80
- 'li####appear.net':80
- 'th####hcountry.net':80
- 'wh###ver.net':80
- lo###rain.net/forum/search.php?me#########################################
- fe###old.net/forum/search.php?me#########################################
- lo###old.net/forum/search.php?me#########################################
- fe###rain.net/forum/search.php?me#########################################
- lo###ome.net/forum/search.php?me#########################################
- fe###ver.net/forum/search.php?me#########################################
- lo###ver.net/forum/search.php?me#########################################
- th###home.net/forum/search.php?me#########################################
- wi###ome.net/forum/search.php?me#########################################
- dr###over.net/forum/search.php?me#########################################
- wi###ver.net/forum/search.php?me#########################################
- dr###home.net/forum/search.php?me#########################################
- th###over.net/forum/search.php?me#########################################
- th###grain.net/forum/search.php?me#########################################
- th###gold.net/forum/search.php?me#########################################
- fe###ome.net/forum/search.php?me#########################################
- ge####friend.net/forum/search.php?me#########################################
- gl###health.net/forum/search.php?me#########################################
- ne####arydress.net/forum/search.php?me#########################################
- re####eneither.net/forum/search.php?me#########################################
- st###march.net/forum/search.php?me#########################################
- ta###fruit.net/forum/search.php?me#########################################
- mi####lossary.net/forum/search.php?me#########################################
- re####erpaint.net/forum/search.php?me#########################################
- wh###rain.net/forum/search.php?me#########################################
- hi###old.net/forum/search.php?me#########################################
- wh###old.net/forum/search.php?me#########################################
- hi###rain.net/forum/search.php?me#########################################
- li####appear.net/forum/search.php?me#########################################
- th####hcountry.net/forum/search.php?me#########################################
- wh###ver.net/forum/search.php?me#########################################
- DNS ASK fe###old.net
- DNS ASK lo###rain.net
- DNS ASK th###home.net
- DNS ASK lo###old.net
- DNS ASK fe###ver.net
- DNS ASK lo###ome.net
- DNS ASK fe###rain.net
- DNS ASK lo###ver.net
- DNS ASK dr###over.net
- DNS ASK wi###ome.net
- DNS ASK dr###grain.net
- DNS ASK wi###ver.net
- DNS ASK th###grain.net
- DNS ASK th###over.net
- DNS ASK dr###home.net
- DNS ASK th###gold.net
- DNS ASK fe###ome.net
- DNS ASK ge####friend.net
- DNS ASK gl###health.net
- DNS ASK ne####arydress.net
- DNS ASK re####eneither.net
- DNS ASK st###march.net
- DNS ASK ta###fruit.net
- DNS ASK mi####lossary.net
- DNS ASK re####erpaint.net
- DNS ASK wh###rain.net
- DNS ASK hi###old.net
- DNS ASK wh###old.net
- DNS ASK hi###rain.net
- DNS ASK li####appear.net
- DNS ASK th####hcountry.net
- DNS ASK wh###ver.net
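- '23#.#55.255.250':1900 (the masked address and port are consistent with the SSDP multicast address 239.255.255.250 on UDP port 1900, which Windows hosts use routinely for UPnP discovery; if so, this is background traffic and a weak indicator on its own)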