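Technical Information

Note: this listing has no section headings. Judging by the form of the entries, the groups are, in order: registry autorun values, launched processes, file-system paths, host:port connections, HTTP requests, DNS queries, and a window lookup. The operation applied to each file path (created, modified, deleted) is not stated here. In the network entries, '#' masks part of each domain name and of the query string, so those entries are patterns rather than literal values to match against proxy or DNS logs.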
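Registry autorun entries (a Run key value that launches the executable at logon, and a service whose 'Start' value is 2, i.e. automatic start at boot):
- [<HKLM>\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] 'NetBIOS DLL Tracking Alerts' = 'C:\exwuamelxvku\kryxaicjn.exe'
- [<HKLM>\SYSTEM\ControlSet001\Services\Connectivity Key Discovery Auto] 'Start' = '00000002'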
- 'C:\exwuamelxvku\gxpisemhixao.exe' "c:\exwuamelxvku\kryxaicjn.exe"
- 'C:\exwuamelxvku\kryxaicjn.exe'
- 'C:\exwuamelxvku\wgl2rmdg1dwmknfeld.exe'
- C:\exwuamelxvku\kryxaicjn.exe
- C:\exwuamelxvku\gxpisemhixao.exe
- C:\exwuamelxvku\kobvjt8
- %WINDIR%\exwuamelxvku\zetg5pc
- C:\exwuamelxvku\zetg5pc
- C:\exwuamelxvku\wgl2rmdg1dwmknfeld.exe
- C:\exwuamelxvku\gxpisemhixao.exe
- C:\exwuamelxvku\kryxaicjn.exe
- C:\exwuamelxvku\wgl2rmdg1dwmknfeld.exe
- %WINDIR%\exwuamelxvku\zetg5pc
- 'th####rouble.net':80
- 'cl####rouble.net':80
- 'th###strong.net':80
- 'cl###strong.net':80
- 'th###caught.net':80
- 'cl###caught.net':80
- 'th####resident.net':80
- 'cl####resident.net':80
- 'am####trouble.net':80
- 'we####rtrouble.net':80
- 'am####strong.net':80
- 'we####rstrong.net':80
- 'am####caught.net':80
- 'we####rcaught.net':80
- 'am####president.net':80
- 'we#####president.net':80
- 'ch###master.net':80
- 'co####emaster.net':80
- 'ch####ontinue.net':80
- 'co####econtinue.net':80
- 'ch####iscover.net':80
- 'co####ediscover.net':80
- 'ch###wonder.net':80
- 'co####ewonder.net':80
- 'th###master.net':80
- 'pr####tmaster.net':80
- 'th####ontinue.net':80
- 'pr####tcontinue.net':80
- 'th####iscover.net':80
- 'pr####tdiscover.net':80
- 'th###wonder.net':80
- 'pr####twonder.net':80
- 'hi####ycaught.net':80
- 'tw####strong.net':80
- 'mi####trouble.net':80
- 'al###caught.net':80
- 'mi####strong.net':80
- 'tw####president.net':80
- 'mi####caught.net':80
- 'tw####trouble.net':80
- 'mi####president.net':80
- 'al###strong.net':80
- 'of####rouble.net':80
- 'co####ecaught.net':80
- 'of###strong.net':80
- 'al####resident.net':80
- 'of###caught.net':80
- 'al####rouble.net':80
- 'of####resident.net':80
- 'hi####ystrong.net':80
- 'st####etrouble.net':80
- 'mo####gcaught.net':80
- 'st####estrong.net':80
- 'hi#####president.net':80
- 'st####ecaught.net':80
- 'hi####ytrouble.net':80
- 'st#####president.net':80
- 'mo####gstrong.net':80
- 'ra####trouble.net':80
- 'tw####caught.net':80
- 'ra####strong.net':80
- 'mo#####president.net':80
- 'ra####caught.net':80
- 'mo####gtrouble.net':80
- 'ra####president.net':80
- http://th####rouble.net/index.php?me########
- http://cl####rouble.net/index.php?me########
- http://th###strong.net/index.php?me########
- http://cl###strong.net/index.php?me########
- http://th###caught.net/index.php?me########
- http://cl###caught.net/index.php?me########
- http://th####resident.net/index.php?me########
- http://cl####resident.net/index.php?me########
- http://am####trouble.net/index.php?me########
- http://we####rtrouble.net/index.php?me########
- http://am####strong.net/index.php?me########
- http://we####rstrong.net/index.php?me########
- http://am####caught.net/index.php?me########
- http://we####rcaught.net/index.php?me########
- http://am####president.net/index.php?me########
- http://we#####president.net/index.php?me########
- http://ch###master.net/index.php?me########
- http://co####emaster.net/index.php?me########
- http://ch####ontinue.net/index.php?me########
- http://co####econtinue.net/index.php?me########
- http://ch####iscover.net/index.php?me########
- http://co####ediscover.net/index.php?me########
- http://ch###wonder.net/index.php?me########
- http://co####ewonder.net/index.php?me########
- http://th###master.net/index.php?me########
- http://pr####tmaster.net/index.php?me########
- http://th####ontinue.net/index.php?me########
- http://pr####tcontinue.net/index.php?me########
- http://th####iscover.net/index.php?me########
- http://pr####tdiscover.net/index.php?me########
- http://th###wonder.net/index.php?me########
- http://pr####twonder.net/index.php?me########
- http://hi####ycaught.net/index.php?me########
- http://tw####strong.net/index.php?me########
- http://mi####trouble.net/index.php?me########
- http://al###caught.net/index.php?me########
- http://mi####strong.net/index.php?me########
- http://tw####president.net/index.php?me########
- http://mi####caught.net/index.php?me########
- http://tw####trouble.net/index.php?me########
- http://mi####president.net/index.php?me########
- http://al###strong.net/index.php?me########
- http://of####rouble.net/index.php?me########
- http://co####ecaught.net/index.php?me########
- http://of###strong.net/index.php?me########
- http://al####resident.net/index.php?me########
- http://of###caught.net/index.php?me########
- http://al####rouble.net/index.php?me########
- http://of####resident.net/index.php?me########
- http://hi####ystrong.net/index.php?me########
- http://st####etrouble.net/index.php?me########
- http://mo####gcaught.net/index.php?me########
- http://st####estrong.net/index.php?me########
- http://hi#####president.net/index.php?me########
- http://st####ecaught.net/index.php?me########
- http://hi####ytrouble.net/index.php?me########
- http://st#####president.net/index.php?me########
- http://mo####gstrong.net/index.php?me########
- http://ra####trouble.net/index.php?me########
- http://tw####caught.net/index.php?me########
- http://ra####strong.net/index.php?me########
- http://mo#####president.net/index.php?me########
- http://ra####caught.net/index.php?me########
- http://mo####gtrouble.net/index.php?me########
- http://ra####president.net/index.php?me########
- DNS ASK th####rouble.net
- DNS ASK cl####rouble.net
- DNS ASK th###strong.net
- DNS ASK cl###strong.net
- DNS ASK th###caught.net
- DNS ASK cl###caught.net
- DNS ASK th####resident.net
- DNS ASK cl####resident.net
- DNS ASK am####trouble.net
- DNS ASK we####rtrouble.net
- DNS ASK am####strong.net
- DNS ASK we####rstrong.net
- DNS ASK am####caught.net
- DNS ASK we####rcaught.net
- DNS ASK am####president.net
- DNS ASK we#####president.net
- DNS ASK th####ontinue.net
- DNS ASK co####emaster.net
- DNS ASK ch###wonder.net
- DNS ASK co####econtinue.net
- DNS ASK ch###master.net
- DNS ASK co####ediscover.net
- DNS ASK of####ontinue.net
- DNS ASK co####ewonder.net
- DNS ASK ch####iscover.net
- DNS ASK pr####tmaster.net
- DNS ASK th###wonder.net
- DNS ASK pr####tcontinue.net
- DNS ASK th###master.net
- DNS ASK pr####tdiscover.net
- DNS ASK ch####ontinue.net
- DNS ASK pr####twonder.net
- DNS ASK th####iscover.net
- DNS ASK tw####strong.net
- DNS ASK mi####trouble.net
- DNS ASK al###caught.net
- DNS ASK mi####strong.net
- DNS ASK tw####president.net
- DNS ASK mi####caught.net
- DNS ASK tw####trouble.net
- DNS ASK mi####president.net
- DNS ASK al###strong.net
- DNS ASK of####rouble.net
- DNS ASK co####ecaught.net
- DNS ASK of###strong.net
- DNS ASK al####resident.net
- DNS ASK of###caught.net
- DNS ASK al####rouble.net
- DNS ASK of####resident.net
- DNS ASK tw####caught.net
- DNS ASK st####etrouble.net
- DNS ASK hi####ytrouble.net
- DNS ASK st####estrong.net
- DNS ASK hi####ystrong.net
- DNS ASK st####ecaught.net
- DNS ASK hi####ycaught.net
- DNS ASK st#####president.net
- DNS ASK hi#####president.net
- DNS ASK ra####trouble.net
- DNS ASK mo####gtrouble.net
- DNS ASK ra####strong.net
- DNS ASK mo####gstrong.net
- DNS ASK ra####caught.net
- DNS ASK mo####gcaught.net
- DNS ASK ra####president.net
- DNS ASK mo#####president.net
- ClassName: 'Shell_TrayWnd' WindowName: '' (Shell_TrayWnd is the window class of the Windows taskbar)