Technical Information
Autorun registry value (a Run key entry, which Windows launches at user logon):
- [<HKLM>\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] 'Controls Spooler System Gateway' = '<SYSTEM32>\ivnwkum.exe'
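Service registry value ('Start' = 2 is the automatic start type, so the service is loaded at boot):
- [<HKLM>\SYSTEM\ControlSet001\Services\Location Video Brightness System] 'Start' = '00000002'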
- Windows Security Center
- '<SYSTEM32>\siywmkhli.exe' "<SYSTEM32>\ivnwkum.exe"
- '%WINDIR%\Temp\dqdlbdvg2lhven.exe' -r 34608 tcp
- '%TEMP%\dqdlbdvg2gz4enpe2ces.exe'
- '<SYSTEM32>\ivnwkum.exe'
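File system paths (several paths repeat below; the listing presumably grouped them under separate headings that did not survive extraction, so the action taken on each file cannot be told from this page):
- <SYSTEM32>\qrnmukfphbm\run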
- <SYSTEM32>\qrnmukfphbm\rng
- %WINDIR%\Temp\dqdlbdvg2lhven.exe
- <SYSTEM32>\qrnmukfphbm\cfg
- <SYSTEM32>\siywmkhli.exe
- %TEMP%\dqdlbdvg2gz4enpe2ces.exe
- <SYSTEM32>\qrnmukfphbm\tst
- <SYSTEM32>\ivnwkum.exe
- <SYSTEM32>\qrnmukfphbm\etc
- <SYSTEM32>\siywmkhli.exe
- <SYSTEM32>\ivnwkum.exe
- %WINDIR%\Temp\dqdlbdvg2lhven.exe
- <DRIVERS>\etc\hosts (the system hosts file; on an affected machine, review it for unexpected entries)
- %TEMP%\dqdlbdvg2gz4enpe2ces.exe
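Network endpoints, given as 'host':port ('#' appears to mark characters masked by the publisher, so these are partial indicators and cannot be used as exact-match blocklist entries):
- 'gl###gain.net':80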
- 'ta###again.net':80
- 'sa###tand.net':80
- 'sa###ugar.net':80
- 'sp###tand.net':80
- 'gl###ass.net':80
- 'gl###tand.net':80
- 'ta###stand.net':80
- 'ta###sugar.net':80
- 'ta###pass.net':80
- 'gl###ugar.net':80
- 'wh###sugar.net':80
- 'up###tand.net':80
- 'up###ugar.net':80
- 'up###ass.net':80
- 'wh###pass.net':80
- 'wh###stand.net':80
- 'sa###ass.net':80
- 'sp###ugar.net':80
- 'sp###ass.net':80
- 'sp###gain.net':80
- 'sa###gain.net':80
- 'sp###stand.net':80
- 'vi###stand.net':80
- 'vi###sugar.net':80
- 'vi###pass.net':80
- 'sp###sugar.net':80
- 'wa###again.net':80
- 'wa###sugar.net':80
- 'fa###ugar.net':80
- 'fa###ass.net':80
- 'fa###gain.net':80
- 'wa###pass.net':80
- 'gr###pass.net':80
- 'eq###sugar.net':80
- 'eq###pass.net':80
- 'eq###again.net':80
- 'gr###again.net':80
- 'gr###sugar.net':80
- 'vi###again.net':80
- 'sp###pass.net':80
- 'sp###again.net':80
- 'eq###stand.net':80
- 'gr###stand.net':80
- 'wh###again.net':80
- 'vi###cook.net':80
- 'sp###next.net':80
- 'sp###cook.net':80
- 'sp###tall.net':80
- 'vi###tall.net':80
- 'vi###next.net':80
- 'fa###all.net':80
- 'wa###cook.net':80
- 'wa###tall.net':80
- 'sp###been.net':80
- 'vi###been.net':80
- 'de###lxc.com':80
- 'gr###tall.net':80
- 'be##lxc.com':80
- 'ri###nstorm.net':80
- 'af###sllc.com':80
- 'eq###cook.net':80
- 'eq###been.net':80
- 'gr###been.net':80
- 'gr###next.net':80
- 'gr###cook.net':80
- 'eq###next.net':80
- 'so###again.net':80
- 'ar###pass.net':80
- 'ar###again.net':80
- 'dr###been.net':80
- 'th###een.net':80
- 'so###pass.net':80
- 'so###stand.net':80
- 'up###gain.net':80
- 'ar###stand.net':80
- 'ar###sugar.net':80
- 'so###sugar.net':80
- 'wa###been.net':80
- 'fa###een.net':80
- 'fa###ext.net':80
- 'fa###ook.net':80
- 'wa###next.net':80
- 'dr###tall.net':80
- 'dr###next.net':80
- 'th###ext.net':80
- 'th###ook.net':80
- 'th###all.net':80
- 'dr###cook.net':80
HTTP requests (every host is requested at the same path, /index.php, over plain HTTP):
- http://gl###gain.net/index.php
- http://ta###again.net/index.php
- http://sa###tand.net/index.php
- http://sa###ugar.net/index.php
- http://sp###tand.net/index.php
- http://gl###ass.net/index.php
- http://gl###tand.net/index.php
- http://ta###stand.net/index.php
- http://ta###sugar.net/index.php
- http://ta###pass.net/index.php
- http://gl###ugar.net/index.php
- http://wh###sugar.net/index.php
- http://up###tand.net/index.php
- http://up###ugar.net/index.php
- http://up###ass.net/index.php
- http://wh###pass.net/index.php
- http://wh###stand.net/index.php
- http://sa###ass.net/index.php
- http://sp###ugar.net/index.php
- http://sp###ass.net/index.php
- http://sp###gain.net/index.php
- http://sa###gain.net/index.php
- http://sp###stand.net/index.php
- http://vi###stand.net/index.php
- http://vi###sugar.net/index.php
- http://vi###pass.net/index.php
- http://sp###sugar.net/index.php
- http://wa###again.net/index.php
- http://wa###sugar.net/index.php
- http://fa###ugar.net/index.php
- http://fa###ass.net/index.php
- http://fa###gain.net/index.php
- http://wa###pass.net/index.php
- http://gr###pass.net/index.php
- http://eq###sugar.net/index.php
- http://eq###pass.net/index.php
- http://eq###again.net/index.php
- http://gr###again.net/index.php
- http://gr###sugar.net/index.php
- http://vi###again.net/index.php
- http://sp###pass.net/index.php
- http://sp###again.net/index.php
- http://eq###stand.net/index.php
- http://gr###stand.net/index.php
- http://wh###again.net/index.php
- http://vi###cook.net/index.php
- http://sp###next.net/index.php
- http://sp###cook.net/index.php
- http://sp###tall.net/index.php
- http://vi###tall.net/index.php
- http://vi###next.net/index.php
- http://fa###all.net/index.php
- http://wa###cook.net/index.php
- http://wa###tall.net/index.php
- http://sp###been.net/index.php
- http://vi###been.net/index.php
- http://de###lxc.com/index.php
- http://gr###tall.net/index.php
- http://be##lxc.com/index.php
- http://ri###nstorm.net/index.php
- http://af###sllc.com/index.php
- http://eq###cook.net/index.php
- http://eq###been.net/index.php
- http://gr###been.net/index.php
- http://gr###next.net/index.php
- http://gr###cook.net/index.php
- http://eq###next.net/index.php
- http://so###again.net/index.php
- http://ar###pass.net/index.php
- http://ar###again.net/index.php
- http://dr###been.net/index.php
- http://th###een.net/index.php
- http://so###pass.net/index.php
- http://so###stand.net/index.php
- http://up###gain.net/index.php
- http://ar###stand.net/index.php
- http://ar###sugar.net/index.php
- http://so###sugar.net/index.php
- http://wa###been.net/index.php
- http://fa###een.net/index.php
- http://fa###ext.net/index.php
- http://fa###ook.net/index.php
- http://wa###next.net/index.php
- http://dr###tall.net/index.php
- http://dr###next.net/index.php
- http://th###ext.net/index.php
- http://th###ook.net/index.php
- http://th###all.net/index.php
- http://dr###cook.net/index.php
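DNS queries (the same host set as the endpoints above; a burst of lookups for many similarly patterned names in a short window is a useful detection signal in resolver logs):
- DNS ASK sa###tand.net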
- DNS ASK gl###gain.net
- DNS ASK sp###tand.net
- DNS ASK sp###ugar.net
- DNS ASK sa###ugar.net
- DNS ASK ta###again.net
- DNS ASK ta###sugar.net
- DNS ASK gl###tand.net
- DNS ASK gl###ugar.net
- DNS ASK gl###ass.net
- DNS ASK ta###pass.net
- DNS ASK up###ugar.net
- DNS ASK wh###sugar.net
- DNS ASK wh###pass.net
- DNS ASK wh###again.net
- DNS ASK up###ass.net
- DNS ASK up###tand.net
- DNS ASK sp###ass.net
- DNS ASK sa###ass.net
- DNS ASK sa###gain.net
- DNS ASK wh###stand.net
- DNS ASK sp###gain.net
- DNS ASK ta###stand.net
- DNS ASK sp###stand.net
- DNS ASK vi###stand.net
- DNS ASK vi###sugar.net
- DNS ASK vi###pass.net
- DNS ASK sp###sugar.net
- DNS ASK wa###again.net
- DNS ASK wa###sugar.net
- DNS ASK fa###ugar.net
- DNS ASK fa###ass.net
- DNS ASK fa###gain.net
- DNS ASK wa###pass.net
- DNS ASK gr###pass.net
- DNS ASK eq###sugar.net
- DNS ASK eq###pass.net
- DNS ASK eq###again.net
- DNS ASK gr###again.net
- DNS ASK gr###sugar.net
- DNS ASK vi###again.net
- DNS ASK sp###pass.net
- DNS ASK sp###again.net
- DNS ASK eq###stand.net
- DNS ASK gr###stand.net
- DNS ASK vi###cook.net
- DNS ASK sp###next.net
- DNS ASK sp###cook.net
- DNS ASK sp###tall.net
- DNS ASK vi###tall.net
- DNS ASK vi###next.net
- DNS ASK fa###all.net
- DNS ASK wa###cook.net
- DNS ASK wa###tall.net
- DNS ASK sp###been.net
- DNS ASK vi###been.net
- DNS ASK de###lxc.com
- DNS ASK gr###tall.net
- DNS ASK be##lxc.com
- DNS ASK ri###nstorm.net
- DNS ASK af###sllc.com
- DNS ASK eq###cook.net
- DNS ASK eq###been.net
- DNS ASK gr###been.net
- DNS ASK gr###next.net
- DNS ASK gr###cook.net
- DNS ASK eq###next.net
- DNS ASK so###again.net
- DNS ASK ar###pass.net
- DNS ASK ar###again.net
- DNS ASK dr###been.net
- DNS ASK th###een.net
- DNS ASK so###pass.net
- DNS ASK so###stand.net
- DNS ASK up###gain.net
- DNS ASK ar###stand.net
- DNS ASK ar###sugar.net
- DNS ASK so###sugar.net
- DNS ASK wa###been.net
- DNS ASK fa###een.net
- DNS ASK fa###ext.net
- DNS ASK fa###ook.net
- DNS ASK wa###next.net
- DNS ASK dr###tall.net
- DNS ASK dr###next.net
- DNS ASK th###ext.net
- DNS ASK th###ook.net
- DNS ASK th###all.net
- DNS ASK dr###cook.net
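- '23#.#55.255.250':1900 (port 1900 is SSDP; the masked address is consistent with the standard SSDP multicast group, so this entry is likely ordinary Windows discovery traffic rather than command-and-control. Confirm before treating it as an indicator.)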