Technical Information
Modifies file system
Modifies the following files
Network activity
Connects to
- 'sh###per.org':80
- 'ma###tube.eu':80
- 'af####nnudist.eu':80
- 'nu###tvid.xyz':80
- 'cd#.#opcash.net':80
- 'fe###ntly.xyz':80
- 'st##.link':80
- 'ca###tlnk.com':443
- 'x1.#.lencr.org':80
- 'r3.#.lencr.org':80
TCP
HTTP GET requests
- http://sh###per.org/milhhbtkj.cgi?2&###################################################
- http://i.###vently.xyz/streamrotator/thumbs/qk/588164.jpg
- http://i.###vently.xyz/streamrotator/thumbs/ek/576922.jpg
- http://i.###vently.xyz/streamrotator/thumbs/ki/478149.jpg
- http://i.###vently.xyz/streamrotator/thumbs/cf/314577.jpg
- http://i.###vently.xyz/streamrotator/thumbs/Xf/361429.jpg
- http://i.###vently.xyz/streamrotator/thumbs/tk/591331.jpg
- http://i.###vently.xyz/streamrotator/thumbs/fh/421529.jpg
- http://i.###vently.xyz/streamrotator/thumbs/vk/593134.jpg
- http://i.###vently.xyz/streamrotator/thumbs/ck/574764.jpg
- http://i.###vently.xyz/streamrotator/thumbs/ki/478182.jpg
- http://i.###vently.xyz/streamrotator/thumbs/Bj/547529.jpg
- http://i.###vently.xyz/streamrotator/thumbs/Hi/501820.jpg
- http://i.###vently.xyz/streamrotator/thumbs/Zf/363679.jpg
- http://i.###vently.xyz/streamrotator/thumbs/kk/582946.jpg
- http://i.###vently.xyz/streamrotator/thumbs/fi/473067.jpg
- http://i.###vently.xyz/streamrotator/thumbs/sk/590788.jpg
- http://i.###vently.xyz/streamrotator/thumbs/jk/581028.jpg
- http://i.###vently.xyz/streamrotator/thumbs/Uj/566488.jpg
- http://i.###vently.xyz/streamrotator/thumbs/Ui/514903.jpg
- http://st##.link/kjq3.html
- http://i.###vently.xyz/streamrotator/thumbs/xi/491540.jpg
- http://i.###vently.xyz/streamrotator/thumbs/Ug/410458.jpg
- http://i.###vently.xyz/streamrotator/thumbs/xj/543076.jpg
- http://i.###vently.xyz/streamrotator/thumbs/Rj/563541.jpg
- http://i.###vently.xyz/streamrotator/thumbs/Zi/519510.jpg
- http://i.###vently.xyz/streamrotator/thumbs/mg/376213.jpg
- http://i.###vently.xyz/streamrotator/thumbs/Nh/455729.jpg
- http://i.###vently.xyz/streamrotator/thumbs/Zj/571313.jpg
- http://i.###vently.xyz/streamrotator/thumbs/Ki/504631.jpg
- http://i.###vently.xyz/streamrotator/thumbs/Fj/551653.jpg
- http://i.###vently.xyz/streamrotator/thumbs/nk/585367.jpg
- http://i.###vently.xyz/streamrotator/thumbs/fk/577376.jpg
- http://i.###vently.xyz/streamrotator/thumbs/Se/304803.jpg
- http://i.###vently.xyz/streamrotator/thumbs/bb/105731.jpg
- http://i.###vently.xyz/streamrotator/thumbs/uk/592435.jpg
- http://i.###vently.xyz/streamrotator/thumbs/bk/573437.jpg
- http://i.###vently.xyz/streamrotator/thumbs/ak/572529.jpg
- http://i.###vently.xyz/streamrotator/thumbs/zk/597223.jpg
- http://fe###ntly.xyz/
- http://nu###tvid.xyz/ftt2/o.php
- http://nu###tvid.xyz/ftt2/check.php?t=#############################################################
- http://cd#.#opcash.net/pop.js
- http://nu###tvid.xyz/
- http://af####nnudist.eu/ftt2/o.php
- http://af####nnudist.eu/ftt2/check.php?t=#############################################################
- http://af####nnudist.eu/
- http://sh###per.org/milhhbtkj.cgi?2&###############################
- http://ma###tube.eu/ftt2/o.php
- http://ma###tube.eu/ftt2/check.php?t=#############################################################
- http://sh###per.org/ajn.cgi?14###########
- http://ma###tube.eu/
- http://sh###per.org/dvh.cgi?4
- http://fe###ntly.xyz/fervently.png
- http://i.###vently.xyz/streamrotator/thumbs/qk/588448.jpg
- http://fe###ntly.xyz/f/check.php?t=#############################################################
- http://i.###vently.xyz/streamrotator/thumbs/fk/577334.jpg
- http://i.###vently.xyz/streamrotator/thumbs/mk/584844.jpg
- http://i.###vently.xyz/streamrotator/thumbs/xk/595284.jpg
- http://i.###vently.xyz/streamrotator/thumbs/ok/586096.jpg
- http://i.###vently.xyz/streamrotator/thumbs/Yj/570255.jpg
- http://i.###vently.xyz/streamrotator/thumbs/Zj/571086.jpg
- http://i.###vently.xyz/streamrotator/thumbs/yk/596208.jpg
- http://i.###vently.xyz/streamrotator/thumbs/xk/595551.jpg
- http://i.###vently.xyz/streamrotator/thumbs/nk/585137.jpg
- http://i.###vently.xyz/streamrotator/thumbs/fi/473718.jpg
- http://x1.#.lencr.org/
- http://i.###vently.xyz/streamrotator/thumbs/ok/586816.jpg
- http://i.###vently.xyz/streamrotator/thumbs/yk/596573.jpg
- http://i.###vently.xyz/streamrotator/thumbs/rj/537042.jpg
- http://i.###vently.xyz/streamrotator/thumbs/mk/584366.jpg
- http://i.###vently.xyz/streamrotator/thumbs/oi/482941.jpg
- http://i.###vently.xyz/streamrotator/thumbs/yk/596336.jpg
- http://i.###vently.xyz/streamrotator/thumbs/sk/590612.jpg
- http://i.###vently.xyz/streamrotator/thumbs/Ji/503702.jpg
- http://r3.#.lencr.org/MFMwUTBPME0wSzAJBgUrDgMCGgUABBRI2smg%2ByvTLU%2Fw3mjS9We3NfmzxAQUFC6zF7dYVsuuUAlA5h%2BvnYsUwsYCEgQJ4fKytzkGGvI%2FbX%2Bf5xUUlw%3D%3D
Other
- 'ca###tlnk.com':443
UDP
- DNS ASK sh###per.org
- DNS ASK ma###tube.eu
- DNS ASK nu####-video.top
- DNS ASK af####nnudist.eu
- DNS ASK nu###tvid.xyz
- DNS ASK cd#.#opcash.net
- DNS ASK fe###ntly.xyz
- DNS ASK i.###vently.xyz
- DNS ASK st##.link
- DNS ASK ca###tlnk.com
- DNS ASK microsoft.com
- DNS ASK x1.#.lencr.org
- DNS ASK r3.#.lencr.org
Miscellaneous
Searches for the following windows
- ClassName: 'Static' WindowName: ''
- ClassName: 'MS_AutodialMonitor' WindowName: ''
- ClassName: 'MS_WebCheckMonitor' WindowName: ''
