Technical Information
- [<HKLM>\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] 'Encryption Shadow Plug Acquisition Human DLL' = '<SYSTEM32>\ptfhfplwozlg.exe'
- [<HKLM>\SYSTEM\ControlSet001\Services\AutoConfig Tablet UPnP Parental] 'ImagePath' = '<SYSTEM32>\ptfhfplwozlg.exe'
- [<HKLM>\SYSTEM\ControlSet001\Services\AutoConfig Tablet UPnP Parental] 'Start' = '00000002'
- Windows Security Center
- '<SYSTEM32>\fzjdejwls.exe' "<SYSTEM32>\ptfhfplwozlg.exe"
- '%WINDIR%\Temp\prpcurl2xc3awtn.exe' -r 41597 tcp
- '%TEMP%\prpcurl2oowawtnuudaa7nj.exe'
- '<SYSTEM32>\ptfhfplwozlg.exe'
- <SYSTEM32>\iuxsjipksmo\run
- <SYSTEM32>\iuxsjipksmo\rng
- %WINDIR%\Temp\prpcurl2xc3awtn.exe
- <SYSTEM32>\iuxsjipksmo\cfg
- <SYSTEM32>\fzjdejwls.exe
- %TEMP%\prpcurl2oowawtnuudaa7nj.exe
- <SYSTEM32>\iuxsjipksmo\tst
- <SYSTEM32>\ptfhfplwozlg.exe
- <SYSTEM32>\iuxsjipksmo\etc
- <SYSTEM32>\fzjdejwls.exe
- <SYSTEM32>\ptfhfplwozlg.exe
- %WINDIR%\Temp\prpcurl2xc3awtn.exe
- <DRIVERS>\etc\hosts
- %TEMP%\prpcurl2oowawtnuudaa7nj.exe
- 'we####dayblood.net':80
- 'se###aily.net':80
- 'se###lood.net':80
- 'af###full.net':80
- 'fo###full.net':80
- 'we####daydaily.net':80
- 'we####dayfull.net':80
- 'dr###blood.net':80
- 'se###ull.net':80
- 'se###ose.net':80
- 'we####daylose.net':80
- 'st###full.net':80
- 'we###ull.net':80
- 'we###ose.net':80
- 'we###aily.net':80
- 'st###lose.net':80
- 'af###blood.net':80
- 'af###lose.net':80
- 'fo###lose.net':80
- 'fo###daily.net':80
- 'fo###blood.net':80
- 'af###daily.net':80
- 'qu###have.net':80
- 'bo###old.net':80
- 'fi###have.net':80
- 'fi###ocean.net':80
- 'qu###ocean.net':80
- 'ga###old.net':80
- 'ga###cean.net':80
- 'bo###ave.net':80
- 'bo###cean.net':80
- 'bo###econd.net':80
- 'ga###econd.net':80
- 'dr###lose.net':80
- 'na###ose.net':80
- 'na###aily.net':80
- 'na###lood.net':80
- 'dr###daily.net':80
- 'dr###full.net':80
- 'fi###second.net':80
- 'qu###second.net':80
- 'qu###hold.net':80
- 'na###ull.net':80
- 'fi###hold.net':80
- 'qu###lose.net':80
- 'fi###full.net':80
- 'fi###lose.net':80
- 'al###being.net':80
- 'ri###nstorm.net':80
- 'qu###full.net':80
- 'ga###aily.net':80
- 'bo###ose.net':80
- 'bo###aily.net':80
- 'bo###lood.net':80
- 'ga###lood.net':80
- 'cr#####onaraminta.net':80
- 'le###form.net':80
- 'jo####ymeasure.net':80
- 'ef###tbuilt.net':80
- 'th###while.net':80
- 'mo###ugust.net':80
- 'pr####tbottom.net':80
- 'ca####nbring.net':80
- 'mo###olor.net':80
- 'mi###hown.net':80
- 'ab###ell.net':80
- 'wa###aily.net':80
- 'mo###lose.net':80
- 'mo###daily.net':80
- 'mo###blood.net':80
- 'wa###lood.net':80
- 'wa###ose.net':80
- 'we###lood.net':80
- 'st###daily.net':80
- 'st###blood.net':80
- 'mo###full.net':80
- 'wa###ull.net':80
- 'le###blood.net':80
- 'fa###lood.net':80
- 'ga###ull.net':80
- 'ga###ose.net':80
- 'bo###ull.net':80
- 'le###daily.net':80
- 'le###full.net':80
- 'fa###ull.net':80
- 'fa###ose.net':80
- 'fa###aily.net':80
- 'le###lose.net':80
- http://we####dayblood.net/index.php
- http://se###aily.net/index.php
- http://se###lood.net/index.php
- http://af###full.net/index.php
- http://fo###full.net/index.php
- http://we####daydaily.net/index.php
- http://we####dayfull.net/index.php
- http://dr###blood.net/index.php
- http://se###ull.net/index.php
- http://se###ose.net/index.php
- http://we####daylose.net/index.php
- http://st###full.net/index.php
- http://we###ull.net/index.php
- http://we###ose.net/index.php
- http://we###aily.net/index.php
- http://st###lose.net/index.php
- http://af###blood.net/index.php
- http://af###lose.net/index.php
- http://fo###lose.net/index.php
- http://fo###daily.net/index.php
- http://fo###blood.net/index.php
- http://af###daily.net/index.php
- http://qu###have.net/index.php
- http://bo###old.net/index.php
- http://fi###have.net/index.php
- http://fi###ocean.net/index.php
- http://qu###ocean.net/index.php
- http://ga###old.net/index.php
- http://ga###cean.net/index.php
- http://bo###ave.net/index.php
- http://bo###cean.net/index.php
- http://bo###econd.net/index.php
- http://ga###econd.net/index.php
- http://dr###lose.net/index.php
- http://na###ose.net/index.php
- http://na###aily.net/index.php
- http://na###lood.net/index.php
- http://dr###daily.net/index.php
- http://dr###full.net/index.php
- http://fi###second.net/index.php
- http://qu###second.net/index.php
- http://qu###hold.net/index.php
- http://na###ull.net/index.php
- http://fi###hold.net/index.php
- http://qu###lose.net/index.php
- http://fi###full.net/index.php
- http://fi###lose.net/index.php
- http://al###being.net/index.php
- http://ri###nstorm.net/index.php
- http://qu###full.net/index.php
- http://ga###aily.net/index.php
- http://bo###ose.net/index.php
- http://bo###aily.net/index.php
- http://bo###lood.net/index.php
- http://ga###lood.net/index.php
- http://cr#####onaraminta.net/index.php
- http://le###form.net/index.php
- http://jo####ymeasure.net/index.php
- http://ef###tbuilt.net/index.php
- http://th###while.net/index.php
- http://mo###ugust.net/index.php
- http://pr####tbottom.net/index.php
- http://ca####nbring.net/index.php
- http://mo###olor.net/index.php
- http://mi###hown.net/index.php
- http://ab###ell.net/index.php
- http://wa###aily.net/index.php
- http://mo###lose.net/index.php
- http://mo###daily.net/index.php
- http://mo###blood.net/index.php
- http://wa###lood.net/index.php
- http://wa###ose.net/index.php
- http://we###lood.net/index.php
- http://st###daily.net/index.php
- http://st###blood.net/index.php
- http://mo###full.net/index.php
- http://wa###ull.net/index.php
- http://le###blood.net/index.php
- http://fa###lood.net/index.php
- http://ga###ull.net/index.php
- http://ga###ose.net/index.php
- http://bo###ull.net/index.php
- http://le###daily.net/index.php
- http://le###full.net/index.php
- http://fa###ull.net/index.php
- http://fa###ose.net/index.php
- http://fa###aily.net/index.php
- http://le###lose.net/index.php
- DNS ASK we####dayblood.net
- DNS ASK se###aily.net
- DNS ASK se###lood.net
- DNS ASK af###full.net
- DNS ASK fo###full.net
- DNS ASK we####daydaily.net
- DNS ASK we####dayfull.net
- DNS ASK dr###blood.net
- DNS ASK se###ull.net
- DNS ASK se###ose.net
- DNS ASK we####daylose.net
- DNS ASK st###full.net
- DNS ASK we###ull.net
- DNS ASK we###ose.net
- DNS ASK we###aily.net
- DNS ASK st###lose.net
- DNS ASK af###blood.net
- DNS ASK af###lose.net
- DNS ASK fo###lose.net
- DNS ASK fo###daily.net
- DNS ASK fo###blood.net
- DNS ASK af###daily.net
- DNS ASK na###lood.net
- DNS ASK bo###old.net
- DNS ASK ga###old.net
- DNS ASK qu###have.net
- DNS ASK qu###ocean.net
- DNS ASK fi###have.net
- DNS ASK bo###econd.net
- DNS ASK bo###ave.net
- DNS ASK ga###ave.net
- DNS ASK ga###cean.net
- DNS ASK ga###econd.net
- DNS ASK bo###cean.net
- DNS ASK na###ose.net
- DNS ASK dr###full.net
- DNS ASK dr###lose.net
- DNS ASK dr###daily.net
- DNS ASK na###aily.net
- DNS ASK na###ull.net
- DNS ASK qu###second.net
- DNS ASK fi###ocean.net
- DNS ASK fi###second.net
- DNS ASK fi###hold.net
- DNS ASK qu###hold.net
- DNS ASK qu###lose.net
- DNS ASK fi###full.net
- DNS ASK fi###lose.net
- DNS ASK al###being.net
- DNS ASK ri###nstorm.net
- DNS ASK qu###full.net
- DNS ASK ga###aily.net
- DNS ASK bo###ose.net
- DNS ASK bo###aily.net
- DNS ASK bo###lood.net
- DNS ASK ga###lood.net
- DNS ASK cr#####onaraminta.net
- DNS ASK le###form.net
- DNS ASK jo####ymeasure.net
- DNS ASK ef###tbuilt.net
- DNS ASK th###while.net
- DNS ASK mo###ugust.net
- DNS ASK pr####tbottom.net
- DNS ASK ca####nbring.net
- DNS ASK mo###olor.net
- DNS ASK mi###hown.net
- DNS ASK ab###ell.net
- DNS ASK wa###aily.net
- DNS ASK mo###lose.net
- DNS ASK mo###daily.net
- DNS ASK mo###blood.net
- DNS ASK wa###lood.net
- DNS ASK wa###ose.net
- DNS ASK we###lood.net
- DNS ASK st###daily.net
- DNS ASK st###blood.net
- DNS ASK mo###full.net
- DNS ASK wa###ull.net
- DNS ASK le###blood.net
- DNS ASK fa###lood.net
- DNS ASK ga###ull.net
- DNS ASK ga###ose.net
- DNS ASK bo###ull.net
- DNS ASK le###daily.net
- DNS ASK le###full.net
- DNS ASK fa###ull.net
- DNS ASK fa###ose.net
- DNS ASK fa###aily.net
- DNS ASK le###lose.net
- '23#.#55.255.250':1900