Technical Information
- [<HKLM>\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] 'Acquisition Accounts Base' = 'C:\ltyadsw\lwvlmhvtfdok.exe' (HKLM Run value: the executable is launched at every user logon)
- [<HKLM>\SYSTEM\ControlSet001\Services\Removal Workstation Trap DCOM] 'ImagePath' = 'C:\ltyadsw\lwvlmhvtfdok.exe'
- [<HKLM>\SYSTEM\ControlSet001\Services\Removal Workstation Trap DCOM] 'Start' = '00000002' (service start type 2: the service is started automatically at boot)
- 'C:\ltyadsw\mfbitfqj.exe' "c:\ltyadsw\lwvlmhvtfdok.exe"
- 'C:\ltyadsw\lwvlmhvtfdok.exe'
- 'C:\ltyadsw\lhgfh2k8qzjw9nxwcjg2j.exe'
- C:\ltyadsw\lwvlmhvtfdok.exe
- C:\ltyadsw\mfbitfqj.exe
- C:\ltyadsw\lhgfh2k8qzjw9nxwcjg2j.exe
- %WINDIR%\ltyadsw\zfprars
- C:\ltyadsw\zfprars
- C:\ltyadsw\mfbitfqj.exe
- C:\ltyadsw\lwvlmhvtfdok.exe
- C:\ltyadsw\lhgfh2k8qzjw9nxwcjg2j.exe
- %WINDIR%\ltyadsw\zfprars
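- 'fr###escape.net':80 ('#' stands for characters masked in this listing, so the domain names here and below are partial and can only be matched as patterns, not as exact names)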
- 'fi####ortieth.net':80
- 'fr###animal.net':80
- 'ex#####nceescape.net':80
- 'pa####oodbye.net':80
- 'fi####tranger.net':80
- 'pa####ortieth.net':80
- 'fi####oodbye.net':80
- 'ge####manescape.net':80
- 'ex#####ncemodern.net':80
- 'ge####mananimal.net':80
- 'al####yescape.net':80
- 'fr####roblem.net':80
- 'ex#####nceanimal.net':80
- 'fr###modern.net':80
- 'ex#####nceproblem.net':80
- 'wo####dvance.net':80
- 'wa####ortieth.net':80
- 'wo####tranger.net':80
- 'sm####dvance.net':80
- 'wa####tranger.net':80
- 'th####tstranger.net':80
- 'th####tfortieth.net':80
- 'wa####oodbye.net':80
- 'pa####dvance.net':80
- 'sm####ortieth.net':80
- 'pa####tranger.net':80
- 'fi####dvance.net':80
- 'wo####oodbye.net':80
- 'sm####tranger.net':80
- 'wo####ortieth.net':80
- 'sm####oodbye.net':80
- http://fr###escape.net/index.php
- http://fi####ortieth.net/index.php
- http://fr###animal.net/index.php
- http://ex#####nceescape.net/index.php
- http://pa####oodbye.net/index.php
- http://fi####tranger.net/index.php
- http://pa####ortieth.net/index.php
- http://fi####oodbye.net/index.php
- http://ge####manescape.net/index.php
- http://ex#####ncemodern.net/index.php
- http://ge####mananimal.net/index.php
- http://al####yescape.net/index.php
- http://fr####roblem.net/index.php
- http://ex#####nceanimal.net/index.php
- http://fr###modern.net/index.php
- http://ex#####nceproblem.net/index.php
- http://wo####dvance.net/index.php
- http://wa####ortieth.net/index.php
- http://wo####tranger.net/index.php
- http://sm####dvance.net/index.php
- http://wa####tranger.net/index.php
- http://th####tstranger.net/index.php
- http://th####tfortieth.net/index.php
- http://wa####oodbye.net/index.php
- http://pa####dvance.net/index.php
- http://sm####ortieth.net/index.php
- http://pa####tranger.net/index.php
- http://fi####dvance.net/index.php
- http://wo####oodbye.net/index.php
- http://sm####tranger.net/index.php
- http://wo####ortieth.net/index.php
- http://sm####oodbye.net/index.php
- DNS ASK fr###escape.net
- DNS ASK fi####ortieth.net
- DNS ASK fr###animal.net
- DNS ASK ex#####nceescape.net
- DNS ASK pa####oodbye.net
- DNS ASK fi####tranger.net
- DNS ASK pa####ortieth.net
- DNS ASK fi####oodbye.net
- DNS ASK ex#####nceanimal.net
- DNS ASK al####yescape.net
- DNS ASK ge####manescape.net
- DNS ASK al####yanimal.net
- DNS ASK ge####mananimal.net
- DNS ASK ex#####nceproblem.net
- DNS ASK fr####roblem.net
- DNS ASK ex#####ncemodern.net
- DNS ASK fr###modern.net
- DNS ASK wa####ortieth.net
- DNS ASK th####tfortieth.net
- DNS ASK sm####dvance.net
- DNS ASK wo####dvance.net
- DNS ASK wa####tranger.net
- DNS ASK th####tstranger.net
- DNS ASK wa####oodbye.net
- DNS ASK th####tgoodbye.net
- DNS ASK wo####tranger.net
- DNS ASK pa####dvance.net
- DNS ASK sm####ortieth.net
- DNS ASK pa####tranger.net
- DNS ASK fi####dvance.net
- DNS ASK wo####oodbye.net
- DNS ASK sm####tranger.net
- DNS ASK wo####ortieth.net
- DNS ASK sm####oodbye.net
- ClassName: 'Shell_TrayWnd' WindowName: '' (Shell_TrayWnd is the window class of the Windows taskbar)