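Technical Information
Note: the section headings of the original report are not present in this listing, so the role of each file and registry entry (created, modified, deleted) should be confirmed against the full report. Hostnames are partially masked with '#'; the masked entries are not complete domains and cannot be used verbatim in a blocklist or DNS sinkhole.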
- [<HKLM>\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] 'Logon Workstation ActiveX Framework Font' = 'C:\wopembjzob\eumuodgwquhn.exe'
- [<HKLM>\SYSTEM\ControlSet001\Services\PNRP Upgrade Experience COM Now Removal] 'ImagePath' = 'C:\wopembjzob\eumuodgwquhn.exe'
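- [<HKLM>\SYSTEM\ControlSet001\Services\PNRP Upgrade Experience COM Now Removal] 'Start' = '00000002' (Start type 2 = automatic start at boot; this service and the Run value above reference the same executable, so both autostart entries need to be checked during cleanup)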
- 'C:\wopembjzob\ssuhplfdu.exe' "c:\wopembjzob\eumuodgwquhn.exe"
- 'C:\wopembjzob\eumuodgwquhn.exe'
- 'C:\wopembjzob\peh3l1upxoxuyhjrzw.exe'
- C:\wopembjzob\eumuodgwquhn.exe
- C:\wopembjzob\ssuhplfdu.exe
- C:\wopembjzob\peh3l1upxoxuyhjrzw.exe
- %WINDIR%\wopembjzob\gc1idsm7au8j
- C:\wopembjzob\gc1idsm7au8j
- C:\wopembjzob\ssuhplfdu.exe
- C:\wopembjzob\eumuodgwquhn.exe
- C:\wopembjzob\peh3l1upxoxuyhjrzw.exe
- %WINDIR%\wopembjzob\gc1idsm7au8j
- 'si####beside.net':80
- 'mo####beside.net':80
- 'si####surprise.net':80
- 'mo####surprise.net':80
- 'si####different.net':80
- 'mo####different.net':80
- 'si####letter.net':80
- 'mo####letter.net':80
- 'se####beside.net':80
- 'la###beside.net':80
- 'se####surprise.net':80
- 'la####urprise.net':80
- 'se####different.net':80
- 'la####ifferent.net':80
- 'se####letter.net':80
- 'la###letter.net':80
- 'pe####sbeside.net':80
- 'wi####beside.net':80
- 'pe####ssurprise.net':80
- 'wi####surprise.net':80
- 'pe#####different.net':80
- 'wi####different.net':80
- 'pe####sletter.net':80
- 'wi####letter.net':80
- 'mo####inbeside.net':80
- 'po####lebeside.net':80
- 'mo#####nsurprise.net':80
- 'po#####esurprise.net':80
- 'mo#####ndifferent.net':80
- 'po#####edifferent.net':80
- 'mo####inletter.net':80
- 'po####leletter.net':80
- 'ma####alcountry.net':80
- 'le####entury.net':80
- 'fi####famous.net':80
- 'su####tcountry.net':80
- 'fi####century.net':80
- 'le###power.net':80
- 'fi####country.net':80
- 'le###famous.net':80
- 'fi###hpower.net':80
- 'wi####century.net':80
- 'su####tcentury.net':80
- 'pe####scountry.net':80
- 'wi####country.net':80
- 'wi###rpower.net':80
- 'su####tpower.net':80
- 'wi####famous.net':80
- 'su####tfamous.net':80
- 'ma####alcentury.net':80
- 'se####lfamous.net':80
- 'pr####lycountry.net':80
- 'se####lcentury.net':80
- 'ma####alpower.net':80
- 'se####lcountry.net':80
- 'ma####alfamous.net':80
- 'se####lpower.net':80
- 'pr####lycentury.net':80
- 'sw###famous.net':80
- 'le####ountry.net':80
- 'sw####entury.net':80
- 'pr####lypower.net':80
- 'sw####ountry.net':80
- 'pr####lyfamous.net':80
- 'sw###power.net':80
- http://si####beside.net/index.php
- http://mo####beside.net/index.php
- http://si####surprise.net/index.php
- http://mo####surprise.net/index.php
- http://si####different.net/index.php
- http://mo####different.net/index.php
- http://si####letter.net/index.php
- http://mo####letter.net/index.php
- http://se####beside.net/index.php
- http://la###beside.net/index.php
- http://se####surprise.net/index.php
- http://la####urprise.net/index.php
- http://se####different.net/index.php
- http://la####ifferent.net/index.php
- http://se####letter.net/index.php
- http://la###letter.net/index.php
- http://pe####sbeside.net/index.php
- http://wi####beside.net/index.php
- http://pe####ssurprise.net/index.php
- http://wi####surprise.net/index.php
- http://pe#####different.net/index.php
- http://wi####different.net/index.php
- http://pe####sletter.net/index.php
- http://wi####letter.net/index.php
- http://mo####inbeside.net/index.php
- http://po####lebeside.net/index.php
- http://mo#####nsurprise.net/index.php
- http://po#####esurprise.net/index.php
- http://mo#####ndifferent.net/index.php
- http://po#####edifferent.net/index.php
- http://mo####inletter.net/index.php
- http://po####leletter.net/index.php
- http://ma####alcountry.net/index.php
- http://le####entury.net/index.php
- http://fi####famous.net/index.php
- http://su####tcountry.net/index.php
- http://fi####century.net/index.php
- http://le###power.net/index.php
- http://fi####country.net/index.php
- http://le###famous.net/index.php
- http://fi###hpower.net/index.php
- http://wi####century.net/index.php
- http://su####tcentury.net/index.php
- http://pe####scountry.net/index.php
- http://wi####country.net/index.php
- http://wi###rpower.net/index.php
- http://su####tpower.net/index.php
- http://wi####famous.net/index.php
- http://su####tfamous.net/index.php
- http://ma####alcentury.net/index.php
- http://se####lfamous.net/index.php
- http://pr####lycountry.net/index.php
- http://se####lcentury.net/index.php
- http://ma####alpower.net/index.php
- http://se####lcountry.net/index.php
- http://ma####alfamous.net/index.php
- http://se####lpower.net/index.php
- http://pr####lycentury.net/index.php
- http://sw###famous.net/index.php
- http://le####ountry.net/index.php
- http://sw####entury.net/index.php
- http://pr####lypower.net/index.php
- http://sw####ountry.net/index.php
- http://pr####lyfamous.net/index.php
- http://sw###power.net/index.php
- DNS ASK si####beside.net
- DNS ASK mo####beside.net
- DNS ASK si####surprise.net
- DNS ASK mo####surprise.net
- DNS ASK si####different.net
- DNS ASK mo####different.net
- DNS ASK si####letter.net
- DNS ASK mo####letter.net
- DNS ASK se####beside.net
- DNS ASK la###beside.net
- DNS ASK se####surprise.net
- DNS ASK la####urprise.net
- DNS ASK se####different.net
- DNS ASK la####ifferent.net
- DNS ASK se####letter.net
- DNS ASK la###letter.net
- DNS ASK mo#####nsurprise.net
- DNS ASK wi####beside.net
- DNS ASK pe####sletter.net
- DNS ASK wi####surprise.net
- DNS ASK pe####sbeside.net
- DNS ASK wi####different.net
- DNS ASK su####tsurprise.net
- DNS ASK wi####letter.net
- DNS ASK pe#####different.net
- DNS ASK po####lebeside.net
- DNS ASK mo####inletter.net
- DNS ASK po#####esurprise.net
- DNS ASK mo####inbeside.net
- DNS ASK po#####edifferent.net
- DNS ASK pe####ssurprise.net
- DNS ASK po####leletter.net
- DNS ASK mo#####ndifferent.net
- DNS ASK le####entury.net
- DNS ASK fi####famous.net
- DNS ASK su####tcountry.net
- DNS ASK fi####century.net
- DNS ASK le###power.net
- DNS ASK fi####country.net
- DNS ASK le###famous.net
- DNS ASK fi###hpower.net
- DNS ASK wi####century.net
- DNS ASK su####tcentury.net
- DNS ASK pe####scountry.net
- DNS ASK wi####country.net
- DNS ASK wi###rpower.net
- DNS ASK su####tpower.net
- DNS ASK wi####famous.net
- DNS ASK su####tfamous.net
- DNS ASK le####ountry.net
- DNS ASK se####lfamous.net
- DNS ASK ma####alfamous.net
- DNS ASK se####lcentury.net
- DNS ASK ma####alcentury.net
- DNS ASK se####lcountry.net
- DNS ASK ma####alcountry.net
- DNS ASK se####lpower.net
- DNS ASK ma####alpower.net
- DNS ASK sw###famous.net
- DNS ASK pr####lyfamous.net
- DNS ASK sw####entury.net
- DNS ASK pr####lycentury.net
- DNS ASK sw####ountry.net
- DNS ASK pr####lycountry.net
- DNS ASK sw###power.net
- DNS ASK pr####lypower.net
- ClassName: 'Shell_TrayWnd' WindowName: '' (Shell_TrayWnd is the window class of the Windows taskbar)