Technical Information
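Registry changes used for persistence (a Run-key autorun entry, and a service whose 'Start' value of 2 means automatic start at boot):
- [<HKLM>\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] 'Protection Secondary Color Controls Credential' = 'C:\llstebganvdyxiv\hreixwjoqpa.exe'
- [<HKLM>\SYSTEM\ControlSet001\Services\Driver Search Publication Copy] 'Start' = '00000002'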
Command lines recorded (the first passes another executable from the same folder as its argument):
- 'C:\llstebganvdyxiv\ydnyjsmupn.exe' "c:\llstebganvdyxiv\hreixwjoqpa.exe"
- 'C:\llstebganvdyxiv\hreixwjoqpa.exe'
- 'C:\llstebganvdyxiv\rzkau3813hqsw3s1tty.exe'
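File system paths (the source lists several of them more than once; the labels that distinguished the groups are not present on the page):
- C:\llstebganvdyxiv\hreixwjoqpa.exe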
- C:\llstebganvdyxiv\ydnyjsmupn.exe
- C:\llstebganvdyxiv\rzkau3813hqsw3s1tty.exe
- %WINDIR%\llstebganvdyxiv\ksfib2g
- C:\llstebganvdyxiv\ksfib2g
- C:\llstebganvdyxiv\ydnyjsmupn.exe
- C:\llstebganvdyxiv\hreixwjoqpa.exe
- C:\llstebganvdyxiv\rzkau3813hqsw3s1tty.exe
- %WINDIR%\llstebganvdyxiv\ksfib2g
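Network endpoints on TCP port 80 (hostnames are partly masked with '#', so they cannot be used as exact-match indicators as written; the visible parts look like concatenated dictionary words, which may indicate generated domain names):
- 'su###rwagon.net':80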
- 'cr###wagon.net':80
- 'be####robable.net':80
- 'kn####robable.net':80
- 'su####without.net':80
- 'cr####itchen.net':80
- 'su####probable.net':80
- 'cr####ithout.net':80
- 'su####kitchen.net':80
- 'kn####itchen.net':80
- 'fo####probable.net':80
- 'me####probable.net':80
- 'fo####kitchen.net':80
- 'me####kitchen.net':80
- 'be###wagon.net':80
- 'kn####ithout.net':80
- 'be####itchen.net':80
- 'kn###wagon.net':80
- 'be####ithout.net':80
- 'sm####ithout.net':80
- 'wo####itchen.net':80
- 'sm###wagon.net':80
- 'wo####ithout.net':80
- 'sm####itchen.net':80
- 'pa###wagon.net':80
- 'fi###wagon.net':80
- 'wo####robable.net':80
- 'sm####robable.net':80
- 'wo###wagon.net':80
- 'wa###wagon.net':80
- 'th####twithout.net':80
- 'cr####robable.net':80
- 'th####twagon.net':80
- 'wa####ithout.net':80
- 'th####tprobable.net':80
- 'wa####robable.net':80
- 'th####tkitchen.net':80
- 'wa####itchen.net':80
- 'pa###bridge.net':80
- 'fi###bridge.net':80
- 'pa###except.net':80
- 'fi###except.net':80
- 'pa####icycle.net':80
- 'fi###whose.net':80
- 'fr###wagon.net':80
- 'fi####icycle.net':80
- 'pa###whose.net':80
- 'sm###whose.net':80
- 'wo###except.net':80
- 'sm###except.net':80
- 'th####twhose.net':80
- 'wa###whose.net':80
- 'wo###bridge.net':80
- 'sm####icycle.net':80
- 'wo###whose.net':80
- 'sm###bridge.net':80
- 'wo####icycle.net':80
- 'al####ykitchen.net':80
- 'ge#####anprobable.net':80
- 'al####ywithout.net':80
- 'ge#####ankitchen.net':80
- 'al####yprobable.net':80
- 'fo####without.net':80
- 'me####without.net':80
- 'fo###wwagon.net':80
- 'me###rwagon.net':80
- 'ge#####anwithout.net':80
- 'ex#####ncewithout.net':80
- 'fr####itchen.net':80
- 'ex####encewagon.net':80
- 'fr####ithout.net':80
- 'ex#####ncekitchen.net':80
- 'ge####manwagon.net':80
- 'al####ywagon.net':80
- 'fr####robable.net':80
- 'ex#####nceprobable.net':80
HTTP requests (every URL targets /index.php over plain HTTP):
- http://su###rwagon.net/index.php
- http://cr###wagon.net/index.php
- http://be####robable.net/index.php
- http://kn####robable.net/index.php
- http://su####without.net/index.php
- http://cr####itchen.net/index.php
- http://su####probable.net/index.php
- http://cr####ithout.net/index.php
- http://su####kitchen.net/index.php
- http://kn####itchen.net/index.php
- http://fo####probable.net/index.php
- http://me####probable.net/index.php
- http://fo####kitchen.net/index.php
- http://me####kitchen.net/index.php
- http://be###wagon.net/index.php
- http://kn####ithout.net/index.php
- http://be####itchen.net/index.php
- http://kn###wagon.net/index.php
- http://be####ithout.net/index.php
- http://sm####ithout.net/index.php
- http://wo####itchen.net/index.php
- http://sm###wagon.net/index.php
- http://wo####ithout.net/index.php
- http://sm####itchen.net/index.php
- http://pa###wagon.net/index.php
- http://fi###wagon.net/index.php
- http://wo####robable.net/index.php
- http://sm####robable.net/index.php
- http://wo###wagon.net/index.php
- http://wa###wagon.net/index.php
- http://th####twithout.net/index.php
- http://cr####robable.net/index.php
- http://th####twagon.net/index.php
- http://wa####ithout.net/index.php
- http://th####tprobable.net/index.php
- http://wa####robable.net/index.php
- http://th####tkitchen.net/index.php
- http://wa####itchen.net/index.php
- http://pa###bridge.net/index.php
- http://fi###bridge.net/index.php
- http://pa###except.net/index.php
- http://fi###except.net/index.php
- http://pa####icycle.net/index.php
- http://fi###whose.net/index.php
- http://fr###wagon.net/index.php
- http://fi####icycle.net/index.php
- http://pa###whose.net/index.php
- http://sm###whose.net/index.php
- http://wo###except.net/index.php
- http://sm###except.net/index.php
- http://th####twhose.net/index.php
- http://wa###whose.net/index.php
- http://wo###bridge.net/index.php
- http://sm####icycle.net/index.php
- http://wo###whose.net/index.php
- http://sm###bridge.net/index.php
- http://wo####icycle.net/index.php
- http://al####ykitchen.net/index.php
- http://ge#####anprobable.net/index.php
- http://al####ywithout.net/index.php
- http://ge#####ankitchen.net/index.php
- http://al####yprobable.net/index.php
- http://fo####without.net/index.php
- http://me####without.net/index.php
- http://fo###wwagon.net/index.php
- http://me###rwagon.net/index.php
- http://ge#####anwithout.net/index.php
- http://ex#####ncewithout.net/index.php
- http://fr####itchen.net/index.php
- http://ex####encewagon.net/index.php
- http://fr####ithout.net/index.php
- http://ex#####ncekitchen.net/index.php
- http://ge####manwagon.net/index.php
- http://al####ywagon.net/index.php
- http://fr####robable.net/index.php
- http://ex#####nceprobable.net/index.php
DNS queries:
- DNS ASK cr###wagon.net
- DNS ASK su####without.net
- DNS ASK kn####robable.net
- DNS ASK su###rwagon.net
- DNS ASK cr####ithout.net
- DNS ASK su####probable.net
- DNS ASK cr####robable.net
- DNS ASK su####kitchen.net
- DNS ASK cr####itchen.net
- DNS ASK be####robable.net
- DNS ASK me####probable.net
- DNS ASK be###wagon.net
- DNS ASK me####kitchen.net
- DNS ASK fo####probable.net
- DNS ASK kn###wagon.net
- DNS ASK be####itchen.net
- DNS ASK kn####itchen.net
- DNS ASK be####ithout.net
- DNS ASK kn####ithout.net
- DNS ASK wo####itchen.net
- DNS ASK sm####itchen.net
- DNS ASK wo####ithout.net
- DNS ASK sm####ithout.net
- DNS ASK wo####robable.net
- DNS ASK fi###wagon.net
- DNS ASK pa####ithout.net
- DNS ASK sm####robable.net
- DNS ASK pa###wagon.net
- DNS ASK sm###wagon.net
- DNS ASK th####twithout.net
- DNS ASK wa####ithout.net
- DNS ASK th####twagon.net
- DNS ASK wa###wagon.net
- DNS ASK th####tkitchen.net
- DNS ASK wa####robable.net
- DNS ASK wo###wagon.net
- DNS ASK wa####itchen.net
- DNS ASK th####tprobable.net
- DNS ASK fo####kitchen.net
- DNS ASK pa###bridge.net
- DNS ASK fi###bridge.net
- DNS ASK pa###except.net
- DNS ASK fi###except.net
- DNS ASK pa####icycle.net
- DNS ASK fi###whose.net
- DNS ASK fr###wagon.net
- DNS ASK fi####icycle.net
- DNS ASK pa###whose.net
- DNS ASK sm###whose.net
- DNS ASK wo###except.net
- DNS ASK sm###except.net
- DNS ASK th####twhose.net
- DNS ASK wa###whose.net
- DNS ASK wo###bridge.net
- DNS ASK sm####icycle.net
- DNS ASK wo###whose.net
- DNS ASK sm###bridge.net
- DNS ASK wo####icycle.net
- DNS ASK al####ykitchen.net
- DNS ASK ge#####anprobable.net
- DNS ASK al####ywithout.net
- DNS ASK ge#####ankitchen.net
- DNS ASK al####yprobable.net
- DNS ASK fo####without.net
- DNS ASK me####without.net
- DNS ASK fo###wwagon.net
- DNS ASK me###rwagon.net
- DNS ASK ge#####anwithout.net
- DNS ASK ex#####ncewithout.net
- DNS ASK fr####itchen.net
- DNS ASK ex####encewagon.net
- DNS ASK fr####ithout.net
- DNS ASK ex#####ncekitchen.net
- DNS ASK ge####manwagon.net
- DNS ASK al####ywagon.net
- DNS ASK fr####robable.net
- DNS ASK ex#####nceprobable.net
Window referenced by class name ('Shell_TrayWnd' is the Windows taskbar window class):
- ClassName: 'Shell_TrayWnd' WindowName: ''