Technical Information
- [<HKLM>\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] 'Upgrade Shadow Service WLAN Grouping' = '<SYSTEM32>\stddvmtw.exe'
- [<HKLM>\SYSTEM\ControlSet001\Services\Presentation Awareness PC Problem File] 'ImagePath' = '<SYSTEM32>\stddvmtw.exe'
- [<HKLM>\SYSTEM\ControlSet001\Services\Presentation Awareness PC Problem File] 'Start' = '00000002'
- Windows Security Center
- '<SYSTEM32>\ofqhtzlwqwn.exe' "<SYSTEM32>\stddvmtw.exe"
- '%WINDIR%\Temp\yphspgb3296md.exe' -r 50492 tcp
- '%TEMP%\yphspgb2xv7mdwpklodck.exe'
- '<SYSTEM32>\stddvmtw.exe'
- <SYSTEM32>\yyxynqear\run
- <SYSTEM32>\yyxynqear\rng
- %WINDIR%\Temp\yphspgb3296md.exe
- <SYSTEM32>\yyxynqear\cfg
- <SYSTEM32>\ofqhtzlwqwn.exe
- %TEMP%\yphspgb2xv7mdwpklodck.exe
- <SYSTEM32>\yyxynqear\tst
- <SYSTEM32>\stddvmtw.exe
- <SYSTEM32>\yyxynqear\etc
- <SYSTEM32>\ofqhtzlwqwn.exe
- <SYSTEM32>\stddvmtw.exe
- %WINDIR%\Temp\yphspgb3296md.exe
- <DRIVERS>\etc\hosts
- %TEMP%\yphspgb2xv7mdwpklodck.exe
- 'mo###step.net':80
- 'wa###tep.net':80
- 'fa###lack.net':80
- 'fa###rown.net':80
- 'le###black.net':80
- 'wa###rown.net':80
- 'mo###black.net':80
- 'mo###grown.net':80
- 'mo###plain.net':80
- 'wa###lain.net':80
- 'le###grown.net':80
- 'ga###rown.net':80
- 'bo###lack.net':80
- 'bo###rown.net':80
- 'bo###lain.net':80
- 'ga###lain.net':80
- 'le###plain.net':80
- 'fa###lain.net':80
- 'fa###tep.net':80
- 'ga###lack.net':80
- 'le###step.net':80
- 'wa###lack.net':80
- 'af###black.net':80
- 'fo###black.net':80
- 'fo###grown.net':80
- 'fo###plain.net':80
- 'af###grown.net':80
- 'we####dayplain.net':80
- 'se###rown.net':80
- 'se###lain.net':80
- 'se###tep.net':80
- 'we####daystep.net':80
- 'af###plain.net':80
- 'we###lain.net':80
- 'st###grown.net':80
- 'st###plain.net':80
- 'st###step.net':80
- 'we###tep.net':80
- 'af###step.net':80
- 'fo###step.net':80
- 'we###lack.net':80
- 'we###rown.net':80
- 'st###black.net':80
- 'de###ther.net':80
- 'sh###wall.net':80
- 'sh###other.net':80
- 'sh###forty.net':80
- 'de###orty.net':80
- 'pu###orty.net':80
- 'fr###yforty.net':80
- 'fr###yfree.net':80
- 'de###all.net':80
- 'pu###ree.net':80
- 'de###ree.net':80
- 'de###lxc.com':80
- 'ti###orty.net':80
- 'be##lxc.com':80
- 'ri###nstorm.net':80
- 'af###sllc.com':80
- 'ti###all.net':80
- 'sh###free.net':80
- 'mo###wall.net':80
- 'mo###other.net':80
- 'ti###ther.net':80
- 'pu###ther.net':80
- 'qu###plain.net':80
- 'fi###grown.net':80
- 'fi###plain.net':80
- 'fi###step.net':80
- 'qu###step.net':80
- 'bo###tep.net':80
- 'ga###tep.net':80
- 'qu###black.net':80
- 'qu###grown.net':80
- 'fi###black.net':80
- 'de####erwall.net':80
- 'al###free.net':80
- 'de####erfree.net':80
- 'fr###ywall.net':80
- 'fr###yother.net':80
- 'pu###all.net':80
- 'de####erother.net':80
- 'al###wall.net':80
- 'al###other.net':80
- 'al###forty.net':80
- 'de####erforty.net':80
- http://mo###step.net/index.php
- http://wa###tep.net/index.php
- http://fa###lack.net/index.php
- http://fa###rown.net/index.php
- http://le###black.net/index.php
- http://wa###rown.net/index.php
- http://mo###black.net/index.php
- http://mo###grown.net/index.php
- http://mo###plain.net/index.php
- http://wa###lain.net/index.php
- http://le###grown.net/index.php
- http://ga###rown.net/index.php
- http://bo###lack.net/index.php
- http://bo###rown.net/index.php
- http://bo###lain.net/index.php
- http://ga###lain.net/index.php
- http://le###plain.net/index.php
- http://fa###lain.net/index.php
- http://fa###tep.net/index.php
- http://ga###lack.net/index.php
- http://le###step.net/index.php
- http://wa###lack.net/index.php
- http://af###black.net/index.php
- http://fo###black.net/index.php
- http://fo###grown.net/index.php
- http://fo###plain.net/index.php
- http://af###grown.net/index.php
- http://we####dayplain.net/index.php
- http://se###rown.net/index.php
- http://se###lain.net/index.php
- http://se###tep.net/index.php
- http://we####daystep.net/index.php
- http://af###plain.net/index.php
- http://we###lain.net/index.php
- http://st###grown.net/index.php
- http://st###plain.net/index.php
- http://st###step.net/index.php
- http://we###tep.net/index.php
- http://af###step.net/index.php
- http://fo###step.net/index.php
- http://we###lack.net/index.php
- http://we###rown.net/index.php
- http://st###black.net/index.php
- http://de###ther.net/index.php
- http://sh###wall.net/index.php
- http://sh###other.net/index.php
- http://sh###forty.net/index.php
- http://de###orty.net/index.php
- http://pu###orty.net/index.php
- http://fr###yforty.net/index.php
- http://fr###yfree.net/index.php
- http://de###all.net/index.php
- http://pu###ree.net/index.php
- http://de###ree.net/index.php
- http://de###lxc.com/index.php
- http://ti###orty.net/index.php
- http://be##lxc.com/index.php
- http://ri###nstorm.net/index.php
- http://af###sllc.com/index.php
- http://ti###all.net/index.php
- http://sh###free.net/index.php
- http://mo###wall.net/index.php
- http://mo###other.net/index.php
- http://ti###ther.net/index.php
- http://pu###ther.net/index.php
- http://qu###plain.net/index.php
- http://fi###grown.net/index.php
- http://fi###plain.net/index.php
- http://fi###step.net/index.php
- http://qu###step.net/index.php
- http://bo###tep.net/index.php
- http://ga###tep.net/index.php
- http://qu###black.net/index.php
- http://qu###grown.net/index.php
- http://fi###black.net/index.php
- http://de####erwall.net/index.php
- http://al###free.net/index.php
- http://de####erfree.net/index.php
- http://fr###ywall.net/index.php
- http://fr###yother.net/index.php
- http://pu###all.net/index.php
- http://de####erother.net/index.php
- http://al###wall.net/index.php
- http://al###other.net/index.php
- http://al###forty.net/index.php
- http://de####erforty.net/index.php
- DNS ASK mo###step.net
- DNS ASK wa###tep.net
- DNS ASK fa###lack.net
- DNS ASK fa###rown.net
- DNS ASK le###black.net
- DNS ASK mo###plain.net
- DNS ASK mo###black.net
- DNS ASK wa###lack.net
- DNS ASK wa###rown.net
- DNS ASK wa###lain.net
- DNS ASK mo###grown.net
- DNS ASK ga###rown.net
- DNS ASK bo###lack.net
- DNS ASK bo###rown.net
- DNS ASK bo###lain.net
- DNS ASK ga###lain.net
- DNS ASK ga###lack.net
- DNS ASK fa###lain.net
- DNS ASK le###grown.net
- DNS ASK le###plain.net
- DNS ASK le###step.net
- DNS ASK fa###tep.net
- DNS ASK af###black.net
- DNS ASK fo###black.net
- DNS ASK fo###grown.net
- DNS ASK fo###plain.net
- DNS ASK af###grown.net
- DNS ASK se###tep.net
- DNS ASK se###rown.net
- DNS ASK we####daygrown.net
- DNS ASK we####dayplain.net
- DNS ASK we####daystep.net
- DNS ASK se###lain.net
- DNS ASK we###lain.net
- DNS ASK st###grown.net
- DNS ASK st###plain.net
- DNS ASK st###step.net
- DNS ASK we###tep.net
- DNS ASK we###rown.net
- DNS ASK fo###step.net
- DNS ASK af###plain.net
- DNS ASK af###step.net
- DNS ASK st###black.net
- DNS ASK we###lack.net
- DNS ASK de###ther.net
- DNS ASK sh###wall.net
- DNS ASK sh###other.net
- DNS ASK sh###forty.net
- DNS ASK de###orty.net
- DNS ASK pu###orty.net
- DNS ASK fr###yforty.net
- DNS ASK fr###yfree.net
- DNS ASK de###all.net
- DNS ASK pu###ree.net
- DNS ASK de###ree.net
- DNS ASK de###lxc.com
- DNS ASK ti###orty.net
- DNS ASK be##lxc.com
- DNS ASK ri###nstorm.net
- DNS ASK af###sllc.com
- DNS ASK ti###all.net
- DNS ASK sh###free.net
- DNS ASK mo###wall.net
- DNS ASK mo###other.net
- DNS ASK ti###ther.net
- DNS ASK pu###ther.net
- DNS ASK qu###plain.net
- DNS ASK fi###grown.net
- DNS ASK fi###plain.net
- DNS ASK fi###step.net
- DNS ASK qu###step.net
- DNS ASK bo###tep.net
- DNS ASK ga###tep.net
- DNS ASK qu###black.net
- DNS ASK qu###grown.net
- DNS ASK fi###black.net
- DNS ASK de####erwall.net
- DNS ASK al###free.net
- DNS ASK de####erfree.net
- DNS ASK fr###ywall.net
- DNS ASK fr###yother.net
- DNS ASK pu###all.net
- DNS ASK de####erother.net
- DNS ASK al###wall.net
- DNS ASK al###other.net
- DNS ASK al###forty.net
- DNS ASK de####erforty.net
- '23#.#55.255.250':1900