Technical Information
Autorun registry value (the program is started at every user logon):
- [<HKLM>\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] 'BranchCache TPM iSCSI Remote Extender' = 'C:\lsqbrno\shuyulbkbpd.exe'
Service registry values pointing at the same executable ('Start' = 2 is automatic start at boot):
- [<HKLM>\SYSTEM\ControlSet001\Services\Panel Alerts COM+ Interactive Access] 'ImagePath' = 'C:\lsqbrno\shuyulbkbpd.exe'
- [<HKLM>\SYSTEM\ControlSet001\Services\Panel Alerts COM+ Interactive Access] 'Start' = '00000002'
Command lines (the first one passes the path of shuyulbkbpd.exe to xargslo.exe as an argument):
- 'C:\lsqbrno\xargslo.exe' "c:\lsqbrno\shuyulbkbpd.exe"
- 'C:\lsqbrno\shuyulbkbpd.exe'
- 'C:\lsqbrno\xcs2kuvsqel7ouypptk.exe'
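File system paths (the entries repeat in groups, presumably because the sub-headings naming the action taken on each group were lost; the action per group cannot be recovered from this text):
- C:\lsqbrno\shuyulbkbpd.exe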
- C:\lsqbrno\xargslo.exe
- C:\lsqbrno\xcs2kuvsqel7ouypptk.exe
- %WINDIR%\lsqbrno\yguhil
- C:\lsqbrno\yguhil
- C:\lsqbrno\xargslo.exe
- C:\lsqbrno\shuyulbkbpd.exe
- C:\lsqbrno\xcs2kuvsqel7ouypptk.exe
- %WINDIR%\lsqbrno\yguhil
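Network endpoints (host and port 80). The domain names are partially masked with '#', so they cannot be used as-is for blocking or log matching. The visible parts recombine a small set of word fragments, which is consistent with algorithmically generated domains:
- 'bu####ngsingle.net':80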
- 'ev####gsingle.net':80
- 'mo####ntevery.net':80
- 'ou####eevery.net':80
- 'bu####ngcharge.net':80
- 'ev#####difference.net':80
- 'bu####ngevery.net':80
- 'ev####gcharge.net':80
- 'bu#####gdifference.net':80
- 'st####thhowever.net':80
- 'mo####ntsingle.net':80
- 'st####lthough.net':80
- 'st####thperiod.net':80
- 'ou####esingle.net':80
- 'mo#####tdifference.net':80
- 'ou#####difference.net':80
- 'mo####ntcharge.net':80
- 'ou####echarge.net':80
- 'do####charge.net':80
- 'pr####charge.net':80
- 'do####single.net':80
- 'pr####single.net':80
- 'do#####ifference.net':80
- 'pr###yevery.net':80
- 'fe####single.net':80
- 'pr#####ifference.net':80
- 'do###revery.net':80
- 'mi###single.net':80
- 'st###charge.net':80
- 'ev####gevery.net':80
- 'st###single.net':80
- 'mi###charge.net':80
- 'st###every.net':80
- 'mi###every.net':80
- 'st####ifference.net':80
- 'mi####ifference.net':80
- 'do####however.net':80
- 'pr####however.net':80
- 'do####period.net':80
- 'pr####period.net':80
- 'fe####choose.net':80
- 'fe####however.net':80
- 'br####choose.net':80
- 'fe####although.net':80
- 'fe####period.net':80
- 'mi###period.net':80
- 'st####owever.net':80
- 'mi####lthough.net':80
- 'st###period.net':80
- 'mi####owever.net':80
- 'do####although.net':80
- 'pr####although.net':80
- 'do####choose.net':80
- 'pr####choose.net':80
- 'pr####eperiod.net':80
- 'de####period.net':80
- 'pr####ealthough.net':80
- 'de####although.net':80
- 'pr####ehowever.net':80
- 'st###choose.net':80
- 'st#####halthough.net':80
- 'de####however.net':80
- 'st####thchoose.net':80
- 're####although.net':80
- 'br####period.net':80
- 're####choose.net':80
- 'br####although.net':80
- 're####period.net':80
- 'pr####echoose.net':80
- 'de####choose.net':80
- 'br####however.net':80
- 're####however.net':80
HTTP URLs, each ending in /index.php:
- http://bu####ngsingle.net/index.php
- http://ev####gsingle.net/index.php
- http://mo####ntevery.net/index.php
- http://ou####eevery.net/index.php
- http://bu####ngcharge.net/index.php
- http://ev#####difference.net/index.php
- http://bu####ngevery.net/index.php
- http://ev####gcharge.net/index.php
- http://bu#####gdifference.net/index.php
- http://st####thhowever.net/index.php
- http://mo####ntsingle.net/index.php
- http://st####lthough.net/index.php
- http://st####thperiod.net/index.php
- http://ou####esingle.net/index.php
- http://mo#####tdifference.net/index.php
- http://ou#####difference.net/index.php
- http://mo####ntcharge.net/index.php
- http://ou####echarge.net/index.php
- http://do####charge.net/index.php
- http://pr####charge.net/index.php
- http://do####single.net/index.php
- http://pr####single.net/index.php
- http://do#####ifference.net/index.php
- http://pr###yevery.net/index.php
- http://fe####single.net/index.php
- http://pr#####ifference.net/index.php
- http://do###revery.net/index.php
- http://mi###single.net/index.php
- http://st###charge.net/index.php
- http://ev####gevery.net/index.php
- http://st###single.net/index.php
- http://mi###charge.net/index.php
- http://st###every.net/index.php
- http://mi###every.net/index.php
- http://st####ifference.net/index.php
- http://mi####ifference.net/index.php
- http://do####however.net/index.php
- http://pr####however.net/index.php
- http://do####period.net/index.php
- http://pr####period.net/index.php
- http://fe####choose.net/index.php
- http://fe####however.net/index.php
- http://br####choose.net/index.php
- http://fe####although.net/index.php
- http://fe####period.net/index.php
- http://mi###period.net/index.php
- http://st####owever.net/index.php
- http://mi####lthough.net/index.php
- http://st###period.net/index.php
- http://mi####owever.net/index.php
- http://do####although.net/index.php
- http://pr####although.net/index.php
- http://do####choose.net/index.php
- http://pr####choose.net/index.php
- http://pr####eperiod.net/index.php
- http://de####period.net/index.php
- http://pr####ealthough.net/index.php
- http://de####although.net/index.php
- http://pr####ehowever.net/index.php
- http://st###choose.net/index.php
- http://st#####halthough.net/index.php
- http://de####however.net/index.php
- http://st####thchoose.net/index.php
- http://re####although.net/index.php
- http://br####period.net/index.php
- http://re####choose.net/index.php
- http://br####although.net/index.php
- http://re####period.net/index.php
- http://pr####echoose.net/index.php
- http://de####choose.net/index.php
- http://br####however.net/index.php
- http://re####however.net/index.php
DNS queries:
- DNS ASK ev####gsingle.net
- DNS ASK bu####ngcharge.net
- DNS ASK ou####eevery.net
- DNS ASK bu####ngsingle.net
- DNS ASK ev####gcharge.net
- DNS ASK bu####ngevery.net
- DNS ASK ev####gevery.net
- DNS ASK bu#####gdifference.net
- DNS ASK ev#####difference.net
- DNS ASK mo####ntsingle.net
- DNS ASK ou####esingle.net
- DNS ASK st####thperiod.net
- DNS ASK st####thhowever.net
- DNS ASK mo####ntcharge.net
- DNS ASK ou#####difference.net
- DNS ASK mo####ntevery.net
- DNS ASK ou####echarge.net
- DNS ASK mo#####tdifference.net
- DNS ASK pr####charge.net
- DNS ASK do#####ifference.net
- DNS ASK pr####single.net
- DNS ASK do####charge.net
- DNS ASK pr#####ifference.net
- DNS ASK fe####single.net
- DNS ASK fe####charge.net
- DNS ASK do###revery.net
- DNS ASK pr###yevery.net
- DNS ASK st###charge.net
- DNS ASK mi###charge.net
- DNS ASK st###single.net
- DNS ASK mi###single.net
- DNS ASK st####ifference.net
- DNS ASK mi###every.net
- DNS ASK do####single.net
- DNS ASK mi####ifference.net
- DNS ASK st###every.net
- DNS ASK st####lthough.net
- DNS ASK do####however.net
- DNS ASK pr####however.net
- DNS ASK do####period.net
- DNS ASK pr####period.net
- DNS ASK fe####choose.net
- DNS ASK fe####however.net
- DNS ASK br####choose.net
- DNS ASK fe####although.net
- DNS ASK fe####period.net
- DNS ASK mi###period.net
- DNS ASK st####owever.net
- DNS ASK mi####lthough.net
- DNS ASK st###period.net
- DNS ASK mi####owever.net
- DNS ASK do####although.net
- DNS ASK pr####although.net
- DNS ASK do####choose.net
- DNS ASK pr####choose.net
- DNS ASK pr####eperiod.net
- DNS ASK de####period.net
- DNS ASK pr####ealthough.net
- DNS ASK de####although.net
- DNS ASK pr####ehowever.net
- DNS ASK st###choose.net
- DNS ASK st#####halthough.net
- DNS ASK de####however.net
- DNS ASK st####thchoose.net
- DNS ASK re####although.net
- DNS ASK br####period.net
- DNS ASK re####choose.net
- DNS ASK br####although.net
- DNS ASK re####period.net
- DNS ASK pr####echoose.net
- DNS ASK de####choose.net
- DNS ASK br####however.net
- DNS ASK re####however.net
Window lookup ('Shell_TrayWnd' is the window class of the Windows taskbar):
- ClassName: 'Shell_TrayWnd' WindowName: ''