Technical Information
- [<HKLM>\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] 'Encrypting Themes Assistant User Hardware' = 'C:\ddiefie\jrhtxahnn.exe' (autorun entry: values under this Run key are launched at every user logon)
- [<HKLM>\SYSTEM\ControlSet001\Services\Routing Coordinator Process Notification] 'Start' = '00000002' (a service 'Start' value of 2 means the service is started automatically at boot)
- 'C:\ddiefie\suybdwmia.exe' "c:\ddiefie\jrhtxahnn.exe"
- 'C:\ddiefie\jrhtxahnn.exe'
- 'C:\ddiefie\cu3k4eignotvytmg.exe'
- C:\ddiefie\jrhtxahnn.exe
- C:\ddiefie\suybdwmia.exe
- C:\ddiefie\smrlwrkg
- %WINDIR%\ddiefie\mwtaxhvp
- C:\ddiefie\mwtaxhvp
- C:\ddiefie\cu3k4eignotvytmg.exe
- C:\ddiefie\suybdwmia.exe
- C:\ddiefie\jrhtxahnn.exe
- C:\ddiefie\cu3k4eignotvytmg.exe
- %WINDIR%\ddiefie\mwtaxhvp
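- 'st####etrust.net':80 (in this and the following entries the '#' characters appear to mask part of the hostname, so the names cannot be used as literal blocklist entries; port 80 is unencrypted HTTP)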
- 'hi####ysystem.net':80
- 'am###thonor.net':80
- 'hi####ytrust.net':80
- 'st####eneither.net':80
- 'hi####yhonor.net':80
- 'st####esystem.net':80
- 'hi####yneither.net':80
- 'am###ttrust.net':80
- 'we####rsystem.net':80
- 'th###honor.net':80
- 'we####rtrust.net':80
- 'am####neither.net':80
- 'we####rhonor.net':80
- 'am####system.net':80
- 'we####rneither.net':80
- 'st####ehonor.net':80
- 'tw####system.net':80
- 'mi####system.net':80
- 'tw###etrust.net':80
- 'mi###etrust.net':80
- 'tw###ehonor.net':80
- 'mi###ehonor.net':80
- 'tw####neither.net':80
- 'mi####neither.net':80
- 'mo####gsystem.net':80
- 'ra####system.net':80
- 'mo####gtrust.net':80
- 'ra###rtrust.net':80
- 'mo####ghonor.net':80
- 'ra###rhonor.net':80
- 'mo####gneither.net':80
- 'ra####neither.net':80
- http://st####etrust.net/index.php?me########
- http://hi####ysystem.net/index.php?me########
- http://am###thonor.net/index.php?me########
- http://hi####ytrust.net/index.php?me########
- http://st####eneither.net/index.php?me########
- http://hi####yhonor.net/index.php?me########
- http://st####esystem.net/index.php?me########
- http://hi####yneither.net/index.php?me########
- http://am###ttrust.net/index.php?me########
- http://we####rsystem.net/index.php?me########
- http://th###honor.net/index.php?me########
- http://we####rtrust.net/index.php?me########
- http://am####neither.net/index.php?me########
- http://we####rhonor.net/index.php?me########
- http://am####system.net/index.php?me########
- http://we####rneither.net/index.php?me########
- http://st####ehonor.net/index.php?me########
- http://tw####system.net/index.php?me########
- http://mi####system.net/index.php?me########
- http://tw###etrust.net/index.php?me########
- http://mi###etrust.net/index.php?me########
- http://tw###ehonor.net/index.php?me########
- http://mi###ehonor.net/index.php?me########
- http://tw####neither.net/index.php?me########
- http://mi####neither.net/index.php?me########
- http://mo####gsystem.net/index.php?me########
- http://ra####system.net/index.php?me########
- http://mo####gtrust.net/index.php?me########
- http://ra###rtrust.net/index.php?me########
- http://mo####ghonor.net/index.php?me########
- http://ra###rhonor.net/index.php?me########
- http://mo####gneither.net/index.php?me########
- http://ra####neither.net/index.php?me########
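- DNS ASK st####etrust.net (the queried names in this list all end in one of a few fixed suffixes — system, trust, honor, neither — which is consistent with algorithmically generated domains, so detection may be better keyed on the pattern than on individual names)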
- DNS ASK hi####ysystem.net
- DNS ASK am###thonor.net
- DNS ASK hi####ytrust.net
- DNS ASK st####eneither.net
- DNS ASK hi####yhonor.net
- DNS ASK st####esystem.net
- DNS ASK hi####yneither.net
- DNS ASK am###ttrust.net
- DNS ASK we####rsystem.net
- DNS ASK th###honor.net
- DNS ASK we####rtrust.net
- DNS ASK am####neither.net
- DNS ASK we####rhonor.net
- DNS ASK am####system.net
- DNS ASK we####rneither.net
- DNS ASK st####ehonor.net
- DNS ASK tw####system.net
- DNS ASK mi####system.net
- DNS ASK tw###etrust.net
- DNS ASK mi###etrust.net
- DNS ASK tw###ehonor.net
- DNS ASK mi###ehonor.net
- DNS ASK tw####neither.net
- DNS ASK mi####neither.net
- DNS ASK mo####gsystem.net
- DNS ASK ra####system.net
- DNS ASK mo####gtrust.net
- DNS ASK ra###rtrust.net
- DNS ASK mo####ghonor.net
- DNS ASK ra###rhonor.net
- DNS ASK mo####gneither.net
- DNS ASK ra####neither.net
- ClassName: 'Shell_TrayWnd' WindowName: '' (Shell_TrayWnd is the window class of the Windows taskbar)