Technical Information
- [<HKLM>\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] 'Endpoint Control NGEN Alerts Task Telephony' = '<SYSTEM32>\sehmranpjyx.exe'
- [<HKLM>\SYSTEM\ControlSet001\Services\Socket Web User-mode Extender Shell] 'Start' = '00000002'
- Windows Security Center
- '<SYSTEM32>\xgpfirrywszm.exe' "<SYSTEM32>\sehmranpjyx.exe"
- '%WINDIR%\Temp\qj29ykuk3mu2fe.exe' -r 25008 tcp
- '%TEMP%\qj29ykuk38fefetehrxhrb.exe'
- '<SYSTEM32>\sehmranpjyx.exe'
- <SYSTEM32>\iualtudybqpcdfl\run
- <SYSTEM32>\iualtudybqpcdfl\rng
- %WINDIR%\Temp\qj29ykuk3mu2fe.exe
- <SYSTEM32>\iualtudybqpcdfl\cfg
- <SYSTEM32>\xgpfirrywszm.exe
- %TEMP%\qj29ykuk38fefetehrxhrb.exe
- <SYSTEM32>\iualtudybqpcdfl\tst
- <SYSTEM32>\sehmranpjyx.exe
- <SYSTEM32>\iualtudybqpcdfl\etc
- <SYSTEM32>\xgpfirrywszm.exe
- <SYSTEM32>\sehmranpjyx.exe
- %WINDIR%\Temp\qj29ykuk3mu2fe.exe
- <DRIVERS>\etc\hosts
- %TEMP%\qj29ykuk38fefetehrxhrb.exe
- 'wi###ome.net':80
- 'du###ome.net':80
- 'tr###gold.net':80
- 'tr###grain.net':80
- 'mi###old.net':80
- 'wi###ver.net':80
- 'wi###old.net':80
- 'du###old.net':80
- 'du###rain.net':80
- 'du###ver.net':80
- 'wi###rain.net':80
- 'da###uesday.net':80
- 'cl###peace.net':80
- 'cl####uesday.net':80
- 'cl###gift.net':80
- 'da###ift.net':80
- 'da###eace.net':80
- 'tr###over.net':80
- 'mi###rain.net':80
- 'mi###ver.net':80
- 'mi###ome.net':80
- 'tr###home.net':80
- 'ca###old.net':80
- 'he###old.net':80
- 'he###rain.net':80
- 'he###ver.net':80
- 'ca###rain.net':80
- 'qu###home.net':80
- 'qu###grain.net':80
- 'th###rain.net':80
- 'th###ver.net':80
- 'th###ome.net':80
- 'qu###over.net':80
- 'si###over.net':80
- 'th###grain.net':80
- 'th###over.net':80
- 'th###home.net':80
- 'si###home.net':80
- 'si###grain.net':80
- 'he###ome.net':80
- 'ca###ver.net':80
- 'ca###ome.net':80
- 'th###gold.net':80
- 'si###gold.net':80
- 'da###ouse.net':80
- 'he###ift.net':80
- 'ca###uesday.net':80
- 'ca###ift.net':80
- 'ca###ouse.net':80
- 'he###ouse.net':80
- 'he###uesday.net':80
- 'th###ouse.net':80
- 'qu###gift.net':80
- 'qu###house.net':80
- 'ca###eace.net':80
- 'he###eace.net':80
- 'de###lxc.com':80
- 'si###house.net':80
- 'be##lxc.com':80
- 'ri###nstorm.net':80
- 'af###sllc.com':80
- 'th###gift.net':80
- 'th###peace.net':80
- 'si###peace.net':80
- 'si####uesday.net':80
- 'si###gift.net':80
- 'th####uesday.net':80
- 'si###ouse.net':80
- 'me###ift.net':80
- 'me###ouse.net':80
- 'su###ypeace.net':80
- 'mo###eace.net':80
- 'si###ift.net':80
- 'si###eace.net':80
- 'cl###house.net':80
- 'me###eace.net':80
- 'me###uesday.net':80
- 'si###uesday.net':80
- 'qu###peace.net':80
- 'th###eace.net':80
- 'th###uesday.net':80
- 'th###ift.net':80
- 'qu####uesday.net':80
- 'su###yhouse.net':80
- 'su####tuesday.net':80
- 'mo###uesday.net':80
- 'mo###ift.net':80
- 'mo###ouse.net':80
- 'su###ygift.net':80
- http://wi###ome.net/index.php
- http://du###ome.net/index.php
- http://tr###gold.net/index.php
- http://tr###grain.net/index.php
- http://mi###old.net/index.php
- http://wi###ver.net/index.php
- http://wi###old.net/index.php
- http://du###old.net/index.php
- http://du###rain.net/index.php
- http://du###ver.net/index.php
- http://wi###rain.net/index.php
- http://da###uesday.net/index.php
- http://cl###peace.net/index.php
- http://cl####uesday.net/index.php
- http://cl###gift.net/index.php
- http://da###ift.net/index.php
- http://da###eace.net/index.php
- http://tr###over.net/index.php
- http://mi###rain.net/index.php
- http://mi###ver.net/index.php
- http://mi###ome.net/index.php
- http://tr###home.net/index.php
- http://ca###old.net/index.php
- http://he###old.net/index.php
- http://he###rain.net/index.php
- http://he###ver.net/index.php
- http://ca###rain.net/index.php
- http://qu###home.net/index.php
- http://qu###grain.net/index.php
- http://th###rain.net/index.php
- http://th###ver.net/index.php
- http://th###ome.net/index.php
- http://qu###over.net/index.php
- http://si###over.net/index.php
- http://th###grain.net/index.php
- http://th###over.net/index.php
- http://th###home.net/index.php
- http://si###home.net/index.php
- http://si###grain.net/index.php
- http://he###ome.net/index.php
- http://ca###ver.net/index.php
- http://ca###ome.net/index.php
- http://th###gold.net/index.php
- http://si###gold.net/index.php
- http://da###ouse.net/index.php
- http://he###ift.net/index.php
- http://ca###uesday.net/index.php
- http://ca###ift.net/index.php
- http://ca###ouse.net/index.php
- http://he###ouse.net/index.php
- http://he###uesday.net/index.php
- http://th###ouse.net/index.php
- http://qu###gift.net/index.php
- http://qu###house.net/index.php
- http://ca###eace.net/index.php
- http://he###eace.net/index.php
- http://de###lxc.com/index.php
- http://si###house.net/index.php
- http://be##lxc.com/index.php
- http://ri###nstorm.net/index.php
- http://af###sllc.com/index.php
- http://th###gift.net/index.php
- http://th###peace.net/index.php
- http://si###peace.net/index.php
- http://si####uesday.net/index.php
- http://si###gift.net/index.php
- http://th####uesday.net/index.php
- http://si###ouse.net/index.php
- http://me###ift.net/index.php
- http://me###ouse.net/index.php
- http://su###ypeace.net/index.php
- http://mo###eace.net/index.php
- http://si###ift.net/index.php
- http://si###eace.net/index.php
- http://cl###house.net/index.php
- http://me###eace.net/index.php
- http://me###uesday.net/index.php
- http://si###uesday.net/index.php
- http://qu###peace.net/index.php
- http://th###eace.net/index.php
- http://th###uesday.net/index.php
- http://th###ift.net/index.php
- http://qu####uesday.net/index.php
- http://su###yhouse.net/index.php
- http://su####tuesday.net/index.php
- http://mo###uesday.net/index.php
- http://mo###ift.net/index.php
- http://mo###ouse.net/index.php
- http://su###ygift.net/index.php
- DNS ASK tr###gold.net
- DNS ASK wi###ome.net
- DNS ASK mi###old.net
- DNS ASK mi###rain.net
- DNS ASK tr###grain.net
- DNS ASK du###ome.net
- DNS ASK du###rain.net
- DNS ASK wi###old.net
- DNS ASK wi###rain.net
- DNS ASK wi###ver.net
- DNS ASK du###ver.net
- DNS ASK cl####uesday.net
- DNS ASK da###uesday.net
- DNS ASK da###ift.net
- DNS ASK da###ouse.net
- DNS ASK cl###gift.net
- DNS ASK cl###peace.net
- DNS ASK mi###ver.net
- DNS ASK tr###over.net
- DNS ASK tr###home.net
- DNS ASK da###eace.net
- DNS ASK mi###ome.net
- DNS ASK du###old.net
- DNS ASK ca###old.net
- DNS ASK he###old.net
- DNS ASK he###rain.net
- DNS ASK he###ver.net
- DNS ASK ca###rain.net
- DNS ASK qu###home.net
- DNS ASK qu###grain.net
- DNS ASK th###rain.net
- DNS ASK th###ver.net
- DNS ASK th###ome.net
- DNS ASK qu###over.net
- DNS ASK si###over.net
- DNS ASK th###grain.net
- DNS ASK th###over.net
- DNS ASK th###home.net
- DNS ASK si###home.net
- DNS ASK si###grain.net
- DNS ASK he###ome.net
- DNS ASK ca###ver.net
- DNS ASK ca###ome.net
- DNS ASK th###gold.net
- DNS ASK si###gold.net
- DNS ASK he###ift.net
- DNS ASK ca###uesday.net
- DNS ASK ca###ift.net
- DNS ASK ca###ouse.net
- DNS ASK he###ouse.net
- DNS ASK he###uesday.net
- DNS ASK th###ouse.net
- DNS ASK qu###gift.net
- DNS ASK qu###house.net
- DNS ASK ca###eace.net
- DNS ASK he###eace.net
- DNS ASK de###lxc.com
- DNS ASK si###house.net
- DNS ASK be##lxc.com
- DNS ASK ri###nstorm.net
- DNS ASK af###sllc.com
- DNS ASK th###gift.net
- DNS ASK th###peace.net
- DNS ASK si###peace.net
- DNS ASK si####uesday.net
- DNS ASK si###gift.net
- DNS ASK th####uesday.net
- DNS ASK si###ouse.net
- DNS ASK me###ift.net
- DNS ASK me###ouse.net
- DNS ASK su###ypeace.net
- DNS ASK mo###eace.net
- DNS ASK si###ift.net
- DNS ASK si###eace.net
- DNS ASK cl###house.net
- DNS ASK me###eace.net
- DNS ASK me###uesday.net
- DNS ASK si###uesday.net
- DNS ASK qu###peace.net
- DNS ASK th###eace.net
- DNS ASK th###uesday.net
- DNS ASK th###ift.net
- DNS ASK qu####uesday.net
- DNS ASK su###yhouse.net
- DNS ASK su####tuesday.net
- DNS ASK mo###uesday.net
- DNS ASK mo###ift.net
- DNS ASK mo###ouse.net
- DNS ASK su###ygift.net
- '23#.#55.255.250':1900