Technical Information
- [<HKLM>\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] 'Biometric Tracking UPnP Net.Tcp TPM' = '<SYSTEM32>\wivbpocp.exe'
- [<HKLM>\SYSTEM\ControlSet001\Services\Class File Redirector Discovery] 'Start' = '00000002'
- Windows Security Center
- <SYSTEM32>\nizjysx.exe "<SYSTEM32>\wivbpocp.exe"
- %WINDIR%\Temp\gghnhiku28lhgs28g.exe -r 35566 tcp
- %TEMP%\gghnhiku2605gs28yafyg5f.exe
- <SYSTEM32>\wivbpocp.exe
- <SYSTEM32>\uoczlfixz\run
- <SYSTEM32>\uoczlfixz\rng
- <SYSTEM32>\uoczlfixz\cfg
- <SYSTEM32>\uoczlfixz\por
- %WINDIR%\Temp\gghnhiku28lhgs28g.exe
- %TEMP%\gghnhiku2605gs28yafyg5f.exe
- <SYSTEM32>\uoczlfixz\tst
- <SYSTEM32>\uoczlfixz\etc
- <SYSTEM32>\nizjysx.exe
- <SYSTEM32>\wivbpocp.exe
- <SYSTEM32>\nizjysx.exe
- <SYSTEM32>\wivbpocp.exe
- %WINDIR%\Temp\gghnhiku28lhgs28g.exe
- %TEMP%\gghnhiku2605gs28yafyg5f.exe
- <DRIVERS>\etc\hosts
- 'pa####ciostit.net':80
- 'nu######casanuteintorci.net':80
- 'bo####utanase.net':80
- 'hi###anblog.net':80
- 've####tistic.net':80
- 'af####chmonitor.net':80
- 'jo###ryta.net':80
- 'gr####oholist.net':80
- 'gj####vcaouy.net':80
- 'cr######ucoarnedecal.net':80
- 'ka####tixter.net':80
- 'wa####rbulldog.net':80
- 'pe####ersonals.net':80
- 'de###batten.net':80
- 'ch####rsdolist.net':80
- 'ja###uter.net':80
- 'ma#####ousestoday.net':80
- 'su#####ollarsyes.net':80
- 'ge#####alixtentop.net':80
- 'fa######pulepunctcom.net':80
- 'bl#####eronredmoon.net':80
- 'ge#####alixtentop.com':80
- 'ka####tixter.com':80
- 'fa######pulepunctcom.com':80
- 'ja###uter.com':80
- 'wa####rbulldog.com':80
- 'gr####oholist.com':80
- 'jo###ryta.com':80
- 'gj####vcaouy.com':80
- 've####tistic.com':80
- 'pa####ciostit.com':80
- 'af####chmonitor.com':80
- 'bl#####eronredmoon.com':80
- 'ma#####ousestoday.com':80
- 'pe####ersonals.com':80
- 'ch####rsdolist.com':80
- 'de###batten.com':80
- 'nu######casanuteintorci.com':80
- 'cr######ucoarnedecal.com':80
- 'bo####utanase.com':80
- 'su#####ollarsyes.com':80
- 'hi###anblog.com':80
- pa####ciostit.net/so31/isup.php?v=###################
- nu######casanuteintorci.net/so31/isup.php?v=###################
- bo####utanase.net/so31/isup.php?v=###################
- hi###anblog.net/so31/isup.php?v=###################
- ve####tistic.net/so31/isup.php?v=###################
- af####chmonitor.net/so31/isup.php?v=###################
- jo###ryta.net/so31/isup.php?v=###################
- gr####oholist.net/so31/isup.php?v=###################
- gj####vcaouy.net/so31/isup.php?v=###################
- cr######ucoarnedecal.net/so31/isup.php?v=###################
- ka####tixter.net/so31/isup.php?v=###################
- wa####rbulldog.net/so31/isup.php?v=###################
- pe####ersonals.net/so31/isup.php?v=###################
- de###batten.net/so31/isup.php?v=###################
- ch####rsdolist.net/so31/isup.php?v=###################
- ja###uter.net/so31/isup.php?v=###################
- ma#####ousestoday.net/so31/isup.php?v=###################
- su#####ollarsyes.net/so31/isup.php?v=###################
- ge#####alixtentop.net/so31/isup.php?v=###################
- fa######pulepunctcom.net/so31/isup.php?v=###################
- bl#####eronredmoon.net/so31/isup.php?v=###################
- ge#####alixtentop.com/so31/isup.php?v=###################
- ka####tixter.com/so31/isup.php?v=###################
- fa######pulepunctcom.com/so31/isup.php?v=###################
- ja###uter.com/so31/isup.php?v=###################
- wa####rbulldog.com/so31/isup.php?v=###################
- gr####oholist.com/so31/isup.php?v=###################
- jo###ryta.com/so31/isup.php?v=###################
- gj####vcaouy.com/so31/isup.php?v=###################
- ve####tistic.com/so31/isup.php?v=###################
- pa####ciostit.com/so31/isup.php?v=###################
- af####chmonitor.com/so31/isup.php?v=###################
- bl#####eronredmoon.com/so31/isup.php?v=###################
- ma#####ousestoday.com/so31/isup.php?v=###################
- pe####ersonals.com/so31/isup.php?v=###################
- ch####rsdolist.com/so31/isup.php?v=###################
- de###batten.com/so31/isup.php?v=###################
- nu######casanuteintorci.com/so31/isup.php?v=###################
- cr######ucoarnedecal.com/so31/isup.php?v=###################
- bo####utanase.com/so31/isup.php?v=###################
- su#####ollarsyes.com/so31/isup.php?v=###################
- hi###anblog.com/so31/isup.php?v=###################
- DNS ASK pa####ciostit.net
- DNS ASK nu######casanuteintorci.net
- DNS ASK bo####utanase.net
- DNS ASK hi###anblog.net
- DNS ASK ve####tistic.net
- DNS ASK af####chmonitor.net
- DNS ASK jo###ryta.net
- DNS ASK gr####oholist.net
- DNS ASK gj####vcaouy.net
- DNS ASK cr######ucoarnedecal.net
- DNS ASK ka####tixter.net
- DNS ASK wa####rbulldog.net
- DNS ASK pe####ersonals.net
- DNS ASK de###batten.net
- DNS ASK ch####rsdolist.net
- DNS ASK ja###uter.net
- DNS ASK ma#####ousestoday.net
- DNS ASK su#####ollarsyes.net
- DNS ASK ge#####alixtentop.net
- DNS ASK fa######pulepunctcom.net
- DNS ASK bl#####eronredmoon.net
- DNS ASK ch####rsdolist.com
- DNS ASK ge#####alixtentop.com
- DNS ASK ka####tixter.com
- DNS ASK fa######pulepunctcom.com
- DNS ASK ja###uter.com
- DNS ASK wa####rbulldog.com
- DNS ASK gr####oholist.com
- DNS ASK jo###ryta.com
- DNS ASK gj####vcaouy.com
- DNS ASK ve####tistic.com
- DNS ASK pa####ciostit.com
- DNS ASK ma#####ousestoday.com
- DNS ASK su#####ollarsyes.com
- DNS ASK bl#####eronredmoon.com
- DNS ASK de###batten.com
- DNS ASK pe####ersonals.com
- DNS ASK cr######ucoarnedecal.com
- DNS ASK af####chmonitor.com
- DNS ASK nu######casanuteintorci.com
- DNS ASK hi###anblog.com
- DNS ASK bo####utanase.com
- '23#.#55.255.250':1900