Technical Information
Autorun entry (a value under the HKLM Run key, so the executable is launched at every user logon):
- [<HKLM>\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] 'Certificate Search Virtual Topology Shadow' = 'C:\gznvsq35dadvf\xpctkygjgpl.exe'
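Service registration pointing at the same executable as the Run value ('Start' = 2 means the service starts automatically at boot; the path is recorded under ControlSet001, and on a live system the same values are normally visible under CurrentControlSet):
- [<HKLM>\SYSTEM\ControlSet001\Services\Brightness Program CardSpace Parental] 'ImagePath' = 'C:\gznvsq35dadvf\xpctkygjgpl.exe'
- [<HKLM>\SYSTEM\ControlSet001\Services\Brightness Program CardSpace Parental] 'Start' = '00000002'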
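Processes started, as far as the quoting indicates (the first entry is launched with the path of xpctkygjgpl.exe as its command-line argument):
- 'C:\gznvsq35dadvf\d2vyscobrkt.exe' "c:\gznvsq35dadvf\xpctkygjgpl.exe"
- 'C:\gznvsq35dadvf\xpctkygjgpl.exe'
- 'C:\gznvsq35dadvf\aj90ppqb2kq3qvxw8tisczr.exe'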
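File-system paths touched by the sample (the repeated groups below presumably belonged to separate sub-lists whose headings are not preserved here, so the operation performed on each path cannot be read from this list alone):
- C:\gznvsq35dadvf\xpctkygjgpl.exe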
- C:\gznvsq35dadvf\d2vyscobrkt.exe
- C:\gznvsq35dadvf\sfu1q6rt3s
- %WINDIR%\gznvsq35dadvf\pfz74ewoa
- C:\gznvsq35dadvf\pfz74ewoa
- C:\gznvsq35dadvf\aj90ppqb2kq3qvxw8tisczr.exe
- C:\gznvsq35dadvf\d2vyscobrkt.exe
- C:\gznvsq35dadvf\xpctkygjgpl.exe
- C:\gznvsq35dadvf\aj90ppqb2kq3qvxw8tisczr.exe
- %WINDIR%\gznvsq35dadvf\pfz74ewoa
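Network connections on port 80 (the '#####' run appears to be characters masked by the publisher, so these entries are not complete domain names and cannot be matched literally; the large set of similarly built .net names looks algorithmically generated, which makes the behaviour pattern a more durable detection basis than the list itself):
- 'ma#####ansymphony.net':80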
- 'pr#####lasymphony.net':80
- 'ch#####tacheyenne.net':80
- 'ka#####racheyenne.net':80
- 'ma#####anbradford.net':80
- 'pr#####labradford.net':80
- 'ma#####ankiersten.net':80
- 'pr#####lakiersten.net':80
- 'ch#####tasymphony.net':80
- 'ka#####rasymphony.net':80
- 'ha#####tacheyenne.net':80
- 'co#####cecheyenne.net':80
- 'ch#####tabradford.net':80
- 'ka#####rabradford.net':80
- 'ch#####takiersten.net':80
- 'ka#####rakiersten.net':80
- 'ch#####namarcelyn.net':80
- 'se#####anmarcelyn.net':80
- 'de#####stcheyenne.net':80
- 'la#####iacheyenne.net':80
- 'ch#####nacallahan.net':80
- 'se#####ancallahan.net':80
- 'ch#####nashaquila.net':80
- 'se#####anshaquila.net':80
- 'de#####stsymphony.net':80
- 'la#####iasymphony.net':80
- 'ma#####ancheyenne.net':80
- 'pr#####lacheyenne.net':80
- 'de#####stbradford.net':80
- 'la#####iabradford.net':80
- 'de#####stkiersten.net':80
- 'la#####iakiersten.net':80
- 'co#####cebradford.net':80
- 'cl#####ndcheyenne.net':80
- 'cr#####onsymphony.net':80
- 'cl#####ndbradford.net':80
- 'ch#####necheyenne.net':80
- 'ja#####ynkiersten.net':80
- 'cr#####onbradford.net':80
- 'ja#####ynsymphony.net':80
- 'cr#####onkiersten.net':80
- 'se#####ancheyenne.net':80
- 'ch#####nesymphony.net':80
- 'se#####anbradford.net':80
- 'ch#####nacheyenne.net':80
- 'cl#####ndkiersten.net':80
- 'ch#####nebradford.net':80
- 'cl#####ndsymphony.net':80
- 'ch#####nekiersten.net':80
- 'ja#####tacheyenne.net':80
- 'ha#####tasymphony.net':80
- 'ja#####tabradford.net':80
- 'ro#####necheyenne.net':80
- 'co#####cekiersten.net':80
- 'ha#####tabradford.net':80
- 'co#####cesymphony.net':80
- 'ha#####takiersten.net':80
- 'ja#####yncheyenne.net':80
- 'ro#####nesymphony.net':80
- 'ja#####ynbradford.net':80
- 'cr#####oncheyenne.net':80
- 'ja#####takiersten.net':80
- 'ro#####nebradford.net':80
- 'ja#####tasymphony.net':80
- 'ro#####nekiersten.net':80
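HTTP requests (unencrypted HTTP to the hosts in the connection list, always for the path /index.php):
- http://ma#####ansymphony.net/index.php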
- http://pr#####lasymphony.net/index.php
- http://ch#####tacheyenne.net/index.php
- http://ka#####racheyenne.net/index.php
- http://ma#####anbradford.net/index.php
- http://pr#####labradford.net/index.php
- http://ma#####ankiersten.net/index.php
- http://pr#####lakiersten.net/index.php
- http://ch#####tasymphony.net/index.php
- http://ka#####rasymphony.net/index.php
- http://ha#####tacheyenne.net/index.php
- http://co#####cecheyenne.net/index.php
- http://ch#####tabradford.net/index.php
- http://ka#####rabradford.net/index.php
- http://ch#####takiersten.net/index.php
- http://ka#####rakiersten.net/index.php
- http://ch#####namarcelyn.net/index.php
- http://se#####anmarcelyn.net/index.php
- http://de#####stcheyenne.net/index.php
- http://la#####iacheyenne.net/index.php
- http://ch#####nacallahan.net/index.php
- http://se#####ancallahan.net/index.php
- http://ch#####nashaquila.net/index.php
- http://se#####anshaquila.net/index.php
- http://de#####stsymphony.net/index.php
- http://la#####iasymphony.net/index.php
- http://ma#####ancheyenne.net/index.php
- http://pr#####lacheyenne.net/index.php
- http://de#####stbradford.net/index.php
- http://la#####iabradford.net/index.php
- http://de#####stkiersten.net/index.php
- http://la#####iakiersten.net/index.php
- http://co#####cebradford.net/index.php
- http://cl#####ndcheyenne.net/index.php
- http://cr#####onsymphony.net/index.php
- http://cl#####ndbradford.net/index.php
- http://ch#####necheyenne.net/index.php
- http://ja#####ynkiersten.net/index.php
- http://cr#####onbradford.net/index.php
- http://ja#####ynsymphony.net/index.php
- http://cr#####onkiersten.net/index.php
- http://se#####ancheyenne.net/index.php
- http://ch#####nesymphony.net/index.php
- http://se#####anbradford.net/index.php
- http://ch#####nacheyenne.net/index.php
- http://cl#####ndkiersten.net/index.php
- http://ch#####nebradford.net/index.php
- http://cl#####ndsymphony.net/index.php
- http://ch#####nekiersten.net/index.php
- http://ja#####tacheyenne.net/index.php
- http://ha#####tasymphony.net/index.php
- http://ja#####tabradford.net/index.php
- http://ro#####necheyenne.net/index.php
- http://co#####cekiersten.net/index.php
- http://ha#####tabradford.net/index.php
- http://co#####cesymphony.net/index.php
- http://ha#####takiersten.net/index.php
- http://ja#####yncheyenne.net/index.php
- http://ro#####nesymphony.net/index.php
- http://ja#####ynbradford.net/index.php
- http://cr#####oncheyenne.net/index.php
- http://ja#####takiersten.net/index.php
- http://ro#####nebradford.net/index.php
- http://ja#####tasymphony.net/index.php
- http://ro#####nekiersten.net/index.php
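DNS queries (at least one queried name, ch#####nakristeen.net, does not appear in the connection or HTTP lists above):
- DNS ASK ma#####ansymphony.net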
- DNS ASK pr#####lasymphony.net
- DNS ASK ch#####tacheyenne.net
- DNS ASK ka#####racheyenne.net
- DNS ASK ma#####anbradford.net
- DNS ASK pr#####labradford.net
- DNS ASK ma#####ankiersten.net
- DNS ASK pr#####lakiersten.net
- DNS ASK ch#####tasymphony.net
- DNS ASK ka#####rasymphony.net
- DNS ASK ha#####tacheyenne.net
- DNS ASK co#####cecheyenne.net
- DNS ASK ch#####tabradford.net
- DNS ASK ka#####rabradford.net
- DNS ASK ch#####takiersten.net
- DNS ASK ka#####rakiersten.net
- DNS ASK ma#####ancheyenne.net
- DNS ASK se#####anmarcelyn.net
- DNS ASK ch#####nashaquila.net
- DNS ASK la#####iacheyenne.net
- DNS ASK ch#####namarcelyn.net
- DNS ASK se#####ancallahan.net
- DNS ASK ch#####nakristeen.net
- DNS ASK se#####anshaquila.net
- DNS ASK ch#####nacallahan.net
- DNS ASK la#####iasymphony.net
- DNS ASK de#####stkiersten.net
- DNS ASK pr#####lacheyenne.net
- DNS ASK de#####stsymphony.net
- DNS ASK la#####iabradford.net
- DNS ASK de#####stcheyenne.net
- DNS ASK la#####iakiersten.net
- DNS ASK de#####stbradford.net
- DNS ASK cl#####ndcheyenne.net
- DNS ASK cr#####onsymphony.net
- DNS ASK cl#####ndbradford.net
- DNS ASK ch#####necheyenne.net
- DNS ASK ja#####ynkiersten.net
- DNS ASK cr#####onbradford.net
- DNS ASK ja#####ynsymphony.net
- DNS ASK cr#####onkiersten.net
- DNS ASK se#####ancheyenne.net
- DNS ASK ch#####nesymphony.net
- DNS ASK se#####anbradford.net
- DNS ASK ch#####nacheyenne.net
- DNS ASK cl#####ndkiersten.net
- DNS ASK ch#####nebradford.net
- DNS ASK cl#####ndsymphony.net
- DNS ASK ch#####nekiersten.net
- DNS ASK ja#####ynbradford.net
- DNS ASK ha#####tasymphony.net
- DNS ASK co#####cesymphony.net
- DNS ASK ro#####necheyenne.net
- DNS ASK ja#####tacheyenne.net
- DNS ASK ha#####tabradford.net
- DNS ASK co#####cebradford.net
- DNS ASK ha#####takiersten.net
- DNS ASK co#####cekiersten.net
- DNS ASK ro#####nesymphony.net
- DNS ASK ja#####tasymphony.net
- DNS ASK cr#####oncheyenne.net
- DNS ASK ja#####yncheyenne.net
- DNS ASK ro#####nebradford.net
- DNS ASK ja#####tabradford.net
- DNS ASK ro#####nekiersten.net
- DNS ASK ja#####takiersten.net