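Technical Information
Note: the '#' characters in the host names and IP address below appear to be masking applied by the report's publisher, so those entries are partial indicators and cannot be matched literally. The section headings of the original report are not present in this copy. The host list is repeated in three forms: TCP connections to port 80, HTTP requests to /index.php, and DNS queries.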
- [<HKLM>\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] 'Remote Controls Workstation Bus NetBIOS' = '<SYSTEM32>\rbqqojdhlgye.exe' (machine-wide autorun entry: the executable is launched at every user logon)
- [<HKLM>\SYSTEM\ControlSet001\Services\Encryption WLAN Name Secure Connectivity IP] 'Start' = '00000002' (service start type 2: started automatically at boot)
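- Windows Security Center (listed without its heading in this copy; presumably a system feature the sample blocks or disables — confirm against the original report)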
- '<SYSTEM32>\jqzssqhixjkt.exe' "<SYSTEM32>\rbqqojdhlgye.exe"
- '%WINDIR%\Temp\xcjsus2libezi.exe' -r 36048 tcp
- '%TEMP%\xcjsus2hdgezinjhsqxwg.exe'
- '<SYSTEM32>\rbqqojdhlgye.exe'
- <SYSTEM32>\lkqbhashtl\run
- <SYSTEM32>\lkqbhashtl\rng
- %WINDIR%\Temp\xcjsus2libezi.exe
- <SYSTEM32>\lkqbhashtl\cfg
- <SYSTEM32>\jqzssqhixjkt.exe
- %TEMP%\xcjsus2hdgezinjhsqxwg.exe
- <SYSTEM32>\lkqbhashtl\tst
- <SYSTEM32>\rbqqojdhlgye.exe
- <SYSTEM32>\lkqbhashtl\etc
- <SYSTEM32>\jqzssqhixjkt.exe
- <SYSTEM32>\rbqqojdhlgye.exe
- %WINDIR%\Temp\xcjsus2libezi.exe
- <DRIVERS>\etc\hosts
- %TEMP%\xcjsus2hdgezinjhsqxwg.exe
- 'wa###next.net':80
- 'fa###ext.net':80
- 'wa###been.net':80
- 'fa###all.net':80
- 'wa###cook.net':80
- 'fa###ook.net':80
- 'dr###cook.net':80
- 'th###ook.net':80
- 'dr###next.net':80
- 'fa###een.net':80
- 'dr###tall.net':80
- 'th###all.net':80
- 'sp###tall.net':80
- 'vi###tall.net':80
- 'sp###cook.net':80
- 'gr###next.net':80
- 'eq###been.net':80
- 'gr###been.net':80
- 'sp###been.net':80
- 'vi###been.net':80
- 'wa###tall.net':80
- 'vi###cook.net':80
- 'sp###next.net':80
- 'vi###next.net':80
- 'th###ext.net':80
- 'wh###sugar.net':80
- 'up###tand.net':80
- 'wh###stand.net':80
- 'up###ass.net':80
- 'wh###pass.net':80
- 'up###ugar.net':80
- 'sa###ass.net':80
- 'sp###ugar.net':80
- 'sa###ugar.net':80
- 'sp###gain.net':80
- 'sa###gain.net':80
- 'sp###ass.net':80
- 'so###again.net':80
- 'ar###pass.net':80
- 'so###pass.net':80
- 'dr###been.net':80
- 'th###een.net':80
- 'ar###again.net':80
- 'so###stand.net':80
- 'up###gain.net':80
- 'wh###again.net':80
- 'ar###sugar.net':80
- 'so###sugar.net':80
- 'ar###stand.net':80
- 'so###cook.net':80
- 'ar###next.net':80
- 'so###next.net':80
- 'ri###nstorm.net':80
- 'so###tall.net':80
- 'ar###cook.net':80
- 'wh###tall.net':80
- 'up###ook.net':80
- 'wh###cook.net':80
- 'ar###been.net':80
- 'so###been.net':80
- 'up###all.net':80
- 'cr#####onaraminta.net':80
- 'le###form.net':80
- 'mo###ugust.net':80
- 'ef###tbuilt.net':80
- 'th###while.net':80
- 'jo####ymeasure.net':80
- 'pr####tbottom.net':80
- 'ca####nbring.net':80
- 'al###being.net':80
- 'mi###hown.net':80
- 'ab###ell.net':80
- 'mo###olor.net':80
- 'up###ext.net':80
- 'gl###ext.net':80
- 'ta###next.net':80
- 'gl###een.net':80
- 'ta###tall.net':80
- 'gl###ook.net':80
- 'ta###cook.net':80
- 'eq###cook.net':80
- 'gr###cook.net':80
- 'eq###next.net':80
- 'ta###been.net':80
- 'eq###tall.net':80
- 'gr###tall.net':80
- 'sp###all.net':80
- 'sa###all.net':80
- 'sp###ook.net':80
- 'wh###next.net':80
- 'up###een.net':80
- 'wh###been.net':80
- 'sp###een.net':80
- 'sa###een.net':80
- 'gl###all.net':80
- 'sa###ook.net':80
- 'sp###ext.net':80
- 'sa###ext.net':80
- http://wa###next.net/index.php
- http://fa###ext.net/index.php
- http://wa###been.net/index.php
- http://fa###all.net/index.php
- http://wa###cook.net/index.php
- http://fa###ook.net/index.php
- http://dr###cook.net/index.php
- http://th###ook.net/index.php
- http://dr###next.net/index.php
- http://fa###een.net/index.php
- http://dr###tall.net/index.php
- http://th###all.net/index.php
- http://sp###tall.net/index.php
- http://vi###tall.net/index.php
- http://sp###cook.net/index.php
- http://gr###next.net/index.php
- http://eq###been.net/index.php
- http://gr###been.net/index.php
- http://sp###been.net/index.php
- http://vi###been.net/index.php
- http://wa###tall.net/index.php
- http://vi###cook.net/index.php
- http://sp###next.net/index.php
- http://vi###next.net/index.php
- http://th###ext.net/index.php
- http://wh###sugar.net/index.php
- http://up###tand.net/index.php
- http://wh###stand.net/index.php
- http://up###ass.net/index.php
- http://wh###pass.net/index.php
- http://up###ugar.net/index.php
- http://sa###ass.net/index.php
- http://sp###ugar.net/index.php
- http://sa###ugar.net/index.php
- http://sp###gain.net/index.php
- http://sa###gain.net/index.php
- http://sp###ass.net/index.php
- http://so###again.net/index.php
- http://ar###pass.net/index.php
- http://so###pass.net/index.php
- http://dr###been.net/index.php
- http://th###een.net/index.php
- http://ar###again.net/index.php
- http://so###stand.net/index.php
- http://up###gain.net/index.php
- http://wh###again.net/index.php
- http://ar###sugar.net/index.php
- http://so###sugar.net/index.php
- http://ar###stand.net/index.php
- http://so###cook.net/index.php
- http://ar###next.net/index.php
- http://so###next.net/index.php
- http://ri###nstorm.net/index.php
- http://so###tall.net/index.php
- http://ar###cook.net/index.php
- http://wh###tall.net/index.php
- http://up###ook.net/index.php
- http://wh###cook.net/index.php
- http://ar###been.net/index.php
- http://so###been.net/index.php
- http://up###all.net/index.php
- http://cr#####onaraminta.net/index.php
- http://le###form.net/index.php
- http://mo###ugust.net/index.php
- http://ef###tbuilt.net/index.php
- http://th###while.net/index.php
- http://jo####ymeasure.net/index.php
- http://pr####tbottom.net/index.php
- http://ca####nbring.net/index.php
- http://al###being.net/index.php
- http://mi###hown.net/index.php
- http://ab###ell.net/index.php
- http://mo###olor.net/index.php
- http://up###ext.net/index.php
- http://gl###ext.net/index.php
- http://ta###next.net/index.php
- http://gl###een.net/index.php
- http://ta###tall.net/index.php
- http://gl###ook.net/index.php
- http://ta###cook.net/index.php
- http://eq###cook.net/index.php
- http://gr###cook.net/index.php
- http://eq###next.net/index.php
- http://ta###been.net/index.php
- http://eq###tall.net/index.php
- http://gr###tall.net/index.php
- http://sp###all.net/index.php
- http://sa###all.net/index.php
- http://sp###ook.net/index.php
- http://wh###next.net/index.php
- http://up###een.net/index.php
- http://wh###been.net/index.php
- http://sp###een.net/index.php
- http://sa###een.net/index.php
- http://gl###all.net/index.php
- http://sa###ook.net/index.php
- http://sp###ext.net/index.php
- http://sa###ext.net/index.php
- DNS ASK wa###next.net
- DNS ASK fa###ext.net
- DNS ASK wa###been.net
- DNS ASK fa###all.net
- DNS ASK wa###cook.net
- DNS ASK fa###ook.net
- DNS ASK dr###cook.net
- DNS ASK th###ook.net
- DNS ASK dr###next.net
- DNS ASK fa###een.net
- DNS ASK dr###tall.net
- DNS ASK th###all.net
- DNS ASK sp###tall.net
- DNS ASK vi###tall.net
- DNS ASK sp###cook.net
- DNS ASK gr###next.net
- DNS ASK eq###been.net
- DNS ASK gr###been.net
- DNS ASK sp###been.net
- DNS ASK vi###been.net
- DNS ASK wa###tall.net
- DNS ASK vi###cook.net
- DNS ASK sp###next.net
- DNS ASK vi###next.net
- DNS ASK th###ext.net
- DNS ASK wh###sugar.net
- DNS ASK up###tand.net
- DNS ASK wh###stand.net
- DNS ASK up###ass.net
- DNS ASK wh###pass.net
- DNS ASK up###ugar.net
- DNS ASK sa###ass.net
- DNS ASK sp###ugar.net
- DNS ASK sa###ugar.net
- DNS ASK sp###gain.net
- DNS ASK sa###gain.net
- DNS ASK sp###ass.net
- DNS ASK so###again.net
- DNS ASK ar###pass.net
- DNS ASK so###pass.net
- DNS ASK dr###been.net
- DNS ASK th###een.net
- DNS ASK ar###again.net
- DNS ASK so###stand.net
- DNS ASK up###gain.net
- DNS ASK wh###again.net
- DNS ASK ar###sugar.net
- DNS ASK so###sugar.net
- DNS ASK ar###stand.net
- DNS ASK eq###next.net
- DNS ASK so###cook.net
- DNS ASK ar###next.net
- DNS ASK so###next.net
- DNS ASK ri###nstorm.net
- DNS ASK so###tall.net
- DNS ASK ar###cook.net
- DNS ASK wh###tall.net
- DNS ASK up###ook.net
- DNS ASK wh###cook.net
- DNS ASK ar###been.net
- DNS ASK so###been.net
- DNS ASK up###all.net
- DNS ASK cr#####onaraminta.net
- DNS ASK le###form.net
- DNS ASK mo###ugust.net
- DNS ASK ef###tbuilt.net
- DNS ASK th###while.net
- DNS ASK jo####ymeasure.net
- DNS ASK pr####tbottom.net
- DNS ASK ca####nbring.net
- DNS ASK al###being.net
- DNS ASK mi###hown.net
- DNS ASK ab###ell.net
- DNS ASK mo###olor.net
- DNS ASK ta###cook.net
- DNS ASK gl###ext.net
- DNS ASK ta###next.net
- DNS ASK gl###all.net
- DNS ASK ta###tall.net
- DNS ASK gl###ook.net
- DNS ASK gr###tall.net
- DNS ASK eq###cook.net
- DNS ASK gr###cook.net
- DNS ASK gl###een.net
- DNS ASK ta###been.net
- DNS ASK eq###tall.net
- DNS ASK wh###been.net
- DNS ASK sp###all.net
- DNS ASK sa###all.net
- DNS ASK up###ext.net
- DNS ASK wh###next.net
- DNS ASK up###een.net
- DNS ASK sa###ext.net
- DNS ASK sp###een.net
- DNS ASK sa###een.net
- DNS ASK sp###ook.net
- DNS ASK sa###ook.net
- DNS ASK sp###ext.net
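- '23#.#55.255.250':1900 (masked; the visible octets and port 1900 match the SSDP/UPnP multicast group 239.255.255.250, so this is likely local network discovery traffic rather than a remote server — confirm against a packet capture)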