Technical Information
Registry modifications (a Run autorun value, and a service 'Start' value of 2, i.e. automatic start):
- [<HKLM>\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] 'Encryption Offline Error TP SNMP' = 'C:\ozpbhtizvlmh\ortdanghy.exe'
- [<HKLM>\SYSTEM\ControlSet001\Services\Panel UserMode Multimedia] 'Start' = '00000002'
- 'C:\ozpbhtizvlmh\dlnefohn.exe' "c:\ozpbhtizvlmh\ortdanghy.exe"
- 'C:\ozpbhtizvlmh\ortdanghy.exe'
- 'C:\ozpbhtizvlmh\jt3fzzkchzmdhomhw.exe'
- C:\ozpbhtizvlmh\ortdanghy.exe
- C:\ozpbhtizvlmh\dlnefohn.exe
- C:\ozpbhtizvlmh\jt3fzzkchzmdhomhw.exe
- %WINDIR%\ozpbhtizvlmh\qbiveuelc
- C:\ozpbhtizvlmh\qbiveuelc
- C:\ozpbhtizvlmh\dlnefohn.exe
- C:\ozpbhtizvlmh\ortdanghy.exe
- C:\ozpbhtizvlmh\jt3fzzkchzmdhomhw.exe
- %WINDIR%\ozpbhtizvlmh\qbiveuelc
Network connections (host:port; domain names are partially masked with '#' as published):
- 'ou####emodern.net':80
- 'mo####ntmodern.net':80
- 'ev####gescape.net':80
- 'bu####ngescape.net':80
- 'ou####eanimal.net':80
- 'mo####ntanimal.net':80
- 'ou####eproblem.net':80
- 'mo####ntproblem.net':80
- 'ev####gmodern.net':80
- 'bu####ngmodern.net':80
- 'mi###escape.net':80
- 'st###escape.net':80
- 'ev####ganimal.net':80
- 'bu####nganimal.net':80
- 'ev####gproblem.net':80
- 'bu####ngproblem.net':80
- 'ou####eescape.net':80
- 'pr####efortieth.net':80
- 'de####goodbye.net':80
- 'st####thadvance.net':80
- 'de####fortieth.net':80
- 'pr####estranger.net':80
- 'de####advance.net':80
- 'pr####egoodbye.net':80
- 'de####stranger.net':80
- 'st#####hfortieth.net':80
- 'st####oodbye.net':80
- 'mo####ntescape.net':80
- 'st####ortieth.net':80
- 'st#####hstranger.net':80
- 'st####dvance.net':80
- 'st####thgoodbye.net':80
- 'st####tranger.net':80
HTTP requests to:
- http://ou####emodern.net/index.php
- http://mo####ntmodern.net/index.php
- http://ev####gescape.net/index.php
- http://bu####ngescape.net/index.php
- http://ou####eanimal.net/index.php
- http://mo####ntanimal.net/index.php
- http://ou####eproblem.net/index.php
- http://mo####ntproblem.net/index.php
- http://ev####gmodern.net/index.php
- http://bu####ngmodern.net/index.php
- http://mi###escape.net/index.php
- http://st###escape.net/index.php
- http://ev####ganimal.net/index.php
- http://bu####nganimal.net/index.php
- http://ev####gproblem.net/index.php
- http://bu####ngproblem.net/index.php
- http://ou####eescape.net/index.php
- http://pr####efortieth.net/index.php
- http://de####goodbye.net/index.php
- http://st####thadvance.net/index.php
- http://de####fortieth.net/index.php
- http://pr####estranger.net/index.php
- http://de####advance.net/index.php
- http://pr####egoodbye.net/index.php
- http://de####stranger.net/index.php
- http://st#####hfortieth.net/index.php
- http://st####oodbye.net/index.php
- http://mo####ntescape.net/index.php
- http://st####ortieth.net/index.php
- http://st#####hstranger.net/index.php
- http://st####dvance.net/index.php
- http://st####thgoodbye.net/index.php
- http://st####tranger.net/index.php
DNS queries:
- DNS ASK ou####emodern.net
- DNS ASK mo####ntmodern.net
- DNS ASK ev####gescape.net
- DNS ASK bu####ngescape.net
- DNS ASK ou####eanimal.net
- DNS ASK mo####ntanimal.net
- DNS ASK ou####eproblem.net
- DNS ASK mo####ntproblem.net
- DNS ASK bu####nganimal.net
- DNS ASK st###escape.net
- DNS ASK ev####gmodern.net
- DNS ASK st###animal.net
- DNS ASK mi###escape.net
- DNS ASK bu####ngproblem.net
- DNS ASK ev####ganimal.net
- DNS ASK bu####ngmodern.net
- DNS ASK ev####gproblem.net
- DNS ASK pr####efortieth.net
- DNS ASK de####goodbye.net
- DNS ASK st####thadvance.net
- DNS ASK de####fortieth.net
- DNS ASK pr####estranger.net
- DNS ASK de####advance.net
- DNS ASK pr####egoodbye.net
- DNS ASK de####stranger.net
- DNS ASK st####dvance.net
- DNS ASK st####ortieth.net
- DNS ASK st#####hfortieth.net
- DNS ASK ou####eescape.net
- DNS ASK mo####ntescape.net
- DNS ASK st####tranger.net
- DNS ASK st#####hstranger.net
- DNS ASK st####oodbye.net
- DNS ASK st####thgoodbye.net
Window referenced (Shell_TrayWnd is the window class of the Windows taskbar):
- ClassName: 'Shell_TrayWnd' WindowName: ''