Technical Information
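Registry changes for automatic start (a Run value, and a service 'Start' value of 2, which means automatic start):
- [<HKLM>\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] 'Remote ActiveX Keying Modules WinHTTP Driver' = 'C:\drllmjo\avglrszyv.exe'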
- [<HKLM>\SYSTEM\ControlSet001\Services\Provider Link-Layer Config] 'Start' = '00000002'
Executes the following:
- 'C:\drllmjo\ctxrlxhxle.exe' "c:\drllmjo\avglrszyv.exe"
- 'C:\drllmjo\avglrszyv.exe'
- 'C:\drllmjo\me93co6z2ctjcnuvfly.exe'
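File system activity (the operation performed on each group of paths is not labelled in this copy):
- C:\drllmjo\avglrszyv.exe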
- C:\drllmjo\ctxrlxhxle.exe
- C:\drllmjo\me93co6z2ctjcnuvfly.exe
- %WINDIR%\drllmjo\xt3zmey
- C:\drllmjo\xt3zmey
- C:\drllmjo\ctxrlxhxle.exe
- C:\drllmjo\avglrszyv.exe
- C:\drllmjo\me93co6z2ctjcnuvfly.exe
- %WINDIR%\drllmjo\xt3zmey
Network activity, connects to (domain names are partially masked with '#' in this report):
- 'me####govern.net':80
- 'fo####govern.net':80
- 'kn###nature.net':80
- 'be###nature.net':80
- 'me####needle.net':80
- 'fo####needle.net':80
- 'me####enough.net':80
- 'fo####enough.net':80
- 'kn###govern.net':80
- 'be###govern.net':80
- 'cr###nature.net':80
- 'su####nature.net':80
- 'kn###needle.net':80
- 'be###needle.net':80
- 'kn###enough.net':80
- 'be###enough.net':80
- 'me####nature.net':80
- 'fr###govern.net':80
- 'ex#####nceenough.net':80
- 'ge####mannature.net':80
- 'ex#####ncegovern.net':80
- 'fr###needle.net':80
- 'ex#####ncenature.net':80
- 'fr###enough.net':80
- 'ex#####nceneedle.net':80
- 'ge####mangovern.net':80
- 'al####yenough.net':80
- 'fo####nature.net':80
- 'al####ygovern.net':80
- 'ge####manneedle.net':80
- 'al####ynature.net':80
- 'ge####manenough.net':80
- 'al####yneedle.net':80
HTTP requests to:
- http://me####govern.net/index.php
- http://fo####govern.net/index.php
- http://kn###nature.net/index.php
- http://be###nature.net/index.php
- http://me####needle.net/index.php
- http://fo####needle.net/index.php
- http://me####enough.net/index.php
- http://fo####enough.net/index.php
- http://kn###govern.net/index.php
- http://be###govern.net/index.php
- http://cr###nature.net/index.php
- http://su####nature.net/index.php
- http://kn###needle.net/index.php
- http://be###needle.net/index.php
- http://kn###enough.net/index.php
- http://be###enough.net/index.php
- http://me####nature.net/index.php
- http://fr###govern.net/index.php
- http://ex#####nceenough.net/index.php
- http://ge####mannature.net/index.php
- http://ex#####ncegovern.net/index.php
- http://fr###needle.net/index.php
- http://ex#####ncenature.net/index.php
- http://fr###enough.net/index.php
- http://ex#####nceneedle.net/index.php
- http://ge####mangovern.net/index.php
- http://al####yenough.net/index.php
- http://fo####nature.net/index.php
- http://al####ygovern.net/index.php
- http://ge####manneedle.net/index.php
- http://al####ynature.net/index.php
- http://ge####manenough.net/index.php
- http://al####yneedle.net/index.php
DNS queries:
- DNS ASK me####govern.net
- DNS ASK fo####govern.net
- DNS ASK kn###nature.net
- DNS ASK be###nature.net
- DNS ASK me####needle.net
- DNS ASK fo####needle.net
- DNS ASK me####enough.net
- DNS ASK fo####enough.net
- DNS ASK be###needle.net
- DNS ASK su####nature.net
- DNS ASK kn###govern.net
- DNS ASK su####needle.net
- DNS ASK cr###nature.net
- DNS ASK be###enough.net
- DNS ASK kn###needle.net
- DNS ASK be###govern.net
- DNS ASK kn###enough.net
- DNS ASK fr###govern.net
- DNS ASK ex#####nceenough.net
- DNS ASK ge####mannature.net
- DNS ASK ex#####ncegovern.net
- DNS ASK fr###needle.net
- DNS ASK ex#####ncenature.net
- DNS ASK fr###enough.net
- DNS ASK ex#####nceneedle.net
- DNS ASK al####ynature.net
- DNS ASK al####ygovern.net
- DNS ASK ge####mangovern.net
- DNS ASK me####nature.net
- DNS ASK fo####nature.net
- DNS ASK al####yneedle.net
- DNS ASK ge####manneedle.net
- DNS ASK al####yenough.net
- DNS ASK ge####manenough.net
Looks up the following window (Shell_TrayWnd is the class name of the Windows taskbar):
- ClassName: 'Shell_TrayWnd' WindowName: ''