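Technical Information
Note: host names in the network entries below appear partially masked with '#' characters, so they are not complete domain names and cannot be matched literally against DNS or proxy logs.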
- [<HKLM>\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] 'Presentation Center Framework Tablet' = 'C:\ogsdzjcikbzri\ydcbcln.exe'
- [<HKLM>\SYSTEM\ControlSet001\Services\Spooler AutoConnect Trap Log] 'ImagePath' = 'C:\ogsdzjcikbzri\ydcbcln.exe'
- [<HKLM>\SYSTEM\ControlSet001\Services\Spooler AutoConnect Trap Log] 'Start' = '00000002' (service start type 2 = started automatically at boot)
- 'C:\ogsdzjcikbzri\bnugjzdm.exe' "c:\ogsdzjcikbzri\ydcbcln.exe"
- 'C:\ogsdzjcikbzri\ydcbcln.exe'
- 'C:\ogsdzjcikbzri\xux0t2egetnerpxrjrqv.exe'
- C:\ogsdzjcikbzri\ydcbcln.exe
- C:\ogsdzjcikbzri\bnugjzdm.exe
- C:\ogsdzjcikbzri\vfmdvlainf8
- %WINDIR%\ogsdzjcikbzri\oc0tljbm5don
- C:\ogsdzjcikbzri\oc0tljbm5don
- C:\ogsdzjcikbzri\xux0t2egetnerpxrjrqv.exe
- C:\ogsdzjcikbzri\bnugjzdm.exe
- C:\ogsdzjcikbzri\ydcbcln.exe
- C:\ogsdzjcikbzri\xux0t2egetnerpxrjrqv.exe
- %WINDIR%\ogsdzjcikbzri\oc0tljbm5don
- 'se####surprise.net':80
- 'la####urprise.net':80
- 'se####lcountry.net':80
- 'ma####alcountry.net':80
- 'se####beside.net':80
- 'la###letter.net':80
- 'se####different.net':80
- 'la###beside.net':80
- 'se####letter.net':80
- 'pr####lycountry.net':80
- 'se####lcentury.net':80
- 'pr####lypower.net':80
- 'sw####ountry.net':80
- 'ma####alcentury.net':80
- 'se####lpower.net':80
- 'ma####alpower.net':80
- 'se####lfamous.net':80
- 'ma####alfamous.net':80
- 'la####ifferent.net':80
- 'po####lebeside.net':80
- 'mo####inletter.net':80
- 'po#####esurprise.net':80
- 'mo####inbeside.net':80
- 'po####leletter.net':80
- 'pe####ssurprise.net':80
- 'wi####surprise.net':80
- 'mo#####ndifferent.net':80
- 'po#####edifferent.net':80
- 'si####beside.net':80
- 'mo####beside.net':80
- 'si####surprise.net':80
- 'mo####surprise.net':80
- 'si####letter.net':80
- 'mo####different.net':80
- 'mo#####nsurprise.net':80
- 'mo####letter.net':80
- 'si####different.net':80
- 'pe####scentury.net':80
- 'wi####century.net':80
- 'mo####incountry.net':80
- 'po####lecountry.net':80
- 'pe####sfamous.net':80
- 'wi###wpower.net':80
- 'pe####scountry.net':80
- 'wi####famous.net':80
- 'pe####spower.net':80
- 'mo####country.net':80
- 'mo####incentury.net':80
- 'mo###rpower.net':80
- 'si####country.net':80
- 'po####lecentury.net':80
- 'mo####inpower.net':80
- 'po####lepower.net':80
- 'mo####infamous.net':80
- 'po####lefamous.net':80
- 'wi####country.net':80
- 'fi####country.net':80
- 'le####ountry.net':80
- 'fi###hpower.net':80
- 'le###power.net':80
- 'sw####entury.net':80
- 'pr####lyfamous.net':80
- 'sw###power.net':80
- 'pr####lycentury.net':80
- 'sw###famous.net':80
- 'wi###rpower.net':80
- 'su####tpower.net':80
- 'su####tcentury.net':80
- 'su####tfamous.net':80
- 'su####tcountry.net':80
- 'fi####famous.net':80
- 'le###famous.net':80
- 'fi####century.net':80
- 'le####entury.net':80
- http://se####surprise.net/index.php
- http://la####urprise.net/index.php
- http://se####lcountry.net/index.php
- http://ma####alcountry.net/index.php
- http://se####beside.net/index.php
- http://la###letter.net/index.php
- http://se####different.net/index.php
- http://la###beside.net/index.php
- http://se####letter.net/index.php
- http://pr####lycountry.net/index.php
- http://se####lcentury.net/index.php
- http://pr####lypower.net/index.php
- http://sw####ountry.net/index.php
- http://ma####alcentury.net/index.php
- http://se####lpower.net/index.php
- http://ma####alpower.net/index.php
- http://se####lfamous.net/index.php
- http://ma####alfamous.net/index.php
- http://la####ifferent.net/index.php
- http://po####lebeside.net/index.php
- http://mo####inletter.net/index.php
- http://po#####esurprise.net/index.php
- http://mo####inbeside.net/index.php
- http://po####leletter.net/index.php
- http://pe####ssurprise.net/index.php
- http://wi####surprise.net/index.php
- http://mo#####ndifferent.net/index.php
- http://po#####edifferent.net/index.php
- http://si####beside.net/index.php
- http://mo####beside.net/index.php
- http://si####surprise.net/index.php
- http://mo####surprise.net/index.php
- http://si####letter.net/index.php
- http://mo####different.net/index.php
- http://mo#####nsurprise.net/index.php
- http://mo####letter.net/index.php
- http://si####different.net/index.php
- http://pe####scentury.net/index.php
- http://wi####century.net/index.php
- http://mo####incountry.net/index.php
- http://po####lecountry.net/index.php
- http://pe####sfamous.net/index.php
- http://wi###wpower.net/index.php
- http://pe####scountry.net/index.php
- http://wi####famous.net/index.php
- http://pe####spower.net/index.php
- http://mo####country.net/index.php
- http://mo####incentury.net/index.php
- http://mo###rpower.net/index.php
- http://si####country.net/index.php
- http://po####lecentury.net/index.php
- http://mo####inpower.net/index.php
- http://po####lepower.net/index.php
- http://mo####infamous.net/index.php
- http://po####lefamous.net/index.php
- http://wi####country.net/index.php
- http://fi####country.net/index.php
- http://le####ountry.net/index.php
- http://fi###hpower.net/index.php
- http://le###power.net/index.php
- http://sw####entury.net/index.php
- http://pr####lyfamous.net/index.php
- http://sw###power.net/index.php
- http://pr####lycentury.net/index.php
- http://sw###famous.net/index.php
- http://wi###rpower.net/index.php
- http://su####tpower.net/index.php
- http://su####tcentury.net/index.php
- http://su####tfamous.net/index.php
- http://su####tcountry.net/index.php
- http://fi####famous.net/index.php
- http://le###famous.net/index.php
- http://fi####century.net/index.php
- http://le####entury.net/index.php
- DNS ASK la####urprise.net
- DNS ASK se####beside.net
- DNS ASK ma####alcountry.net
- DNS ASK se####surprise.net
- DNS ASK la###beside.net
- DNS ASK se####different.net
- DNS ASK la####ifferent.net
- DNS ASK se####letter.net
- DNS ASK la###letter.net
- DNS ASK se####lcentury.net
- DNS ASK ma####alcentury.net
- DNS ASK sw####ountry.net
- DNS ASK pr####lycountry.net
- DNS ASK se####lfamous.net
- DNS ASK ma####alpower.net
- DNS ASK se####lcountry.net
- DNS ASK ma####alfamous.net
- DNS ASK se####lpower.net
- DNS ASK si####surprise.net
- DNS ASK mo####inletter.net
- DNS ASK po####leletter.net
- DNS ASK mo####inbeside.net
- DNS ASK po####lebeside.net
- DNS ASK mo#####ndifferent.net
- DNS ASK wi####surprise.net
- DNS ASK pe####sbeside.net
- DNS ASK po#####edifferent.net
- DNS ASK pe####ssurprise.net
- DNS ASK mo####beside.net
- DNS ASK si####letter.net
- DNS ASK mo####surprise.net
- DNS ASK si####beside.net
- DNS ASK mo####letter.net
- DNS ASK mo#####nsurprise.net
- DNS ASK po#####esurprise.net
- DNS ASK si####different.net
- DNS ASK mo####different.net
- DNS ASK pr####lypower.net
- DNS ASK pe####scentury.net
- DNS ASK wi####century.net
- DNS ASK mo####incountry.net
- DNS ASK po####lecountry.net
- DNS ASK pe####sfamous.net
- DNS ASK wi###wpower.net
- DNS ASK pe####scountry.net
- DNS ASK wi####famous.net
- DNS ASK pe####spower.net
- DNS ASK mo####country.net
- DNS ASK mo####incentury.net
- DNS ASK mo###rpower.net
- DNS ASK si####country.net
- DNS ASK po####lecentury.net
- DNS ASK mo####inpower.net
- DNS ASK po####lepower.net
- DNS ASK mo####infamous.net
- DNS ASK po####lefamous.net
- DNS ASK wi####country.net
- DNS ASK fi####country.net
- DNS ASK le####ountry.net
- DNS ASK fi###hpower.net
- DNS ASK le###power.net
- DNS ASK sw####entury.net
- DNS ASK pr####lyfamous.net
- DNS ASK sw###power.net
- DNS ASK pr####lycentury.net
- DNS ASK sw###famous.net
- DNS ASK wi###rpower.net
- DNS ASK su####tpower.net
- DNS ASK su####tcentury.net
- DNS ASK su####tfamous.net
- DNS ASK su####tcountry.net
- DNS ASK fi####famous.net
- DNS ASK le###famous.net
- DNS ASK fi####century.net
- DNS ASK le####entury.net
- ClassName: 'Shell_TrayWnd' WindowName: ''