Technical Information (observed artifacts, listed in order: Run-key and service persistence entries, files under C:\crsgndrkaomh, contacted hosts on port 80, requested URLs, DNS queries, and a window lookup by class name; domain names are partially masked with '#')
- [<HKLM>\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] 'Time Detection IPsec PnP-X' = 'C:\crsgndrkaomh\uvimyvqjmlk.exe'
- [<HKLM>\SYSTEM\ControlSet001\Services\VC Office Level IKE Player BitLocker PNRP] 'ImagePath' = 'C:\crsgndrkaomh\uvimyvqjmlk.exe'
- [<HKLM>\SYSTEM\ControlSet001\Services\VC Office Level IKE Player BitLocker PNRP] 'Start' = '00000002'
- 'C:\crsgndrkaomh\qtvzlczxcm.exe' "c:\crsgndrkaomh\uvimyvqjmlk.exe"
- 'C:\crsgndrkaomh\uvimyvqjmlk.exe'
- 'C:\crsgndrkaomh\ayis39sgmjcncwrxpu.exe'
- C:\crsgndrkaomh\uvimyvqjmlk.exe
- C:\crsgndrkaomh\qtvzlczxcm.exe
- C:\crsgndrkaomh\ayis39sgmjcncwrxpu.exe
- %WINDIR%\crsgndrkaomh\ptatcnze
- C:\crsgndrkaomh\ptatcnze
- C:\crsgndrkaomh\qtvzlczxcm.exe
- C:\crsgndrkaomh\uvimyvqjmlk.exe
- C:\crsgndrkaomh\ayis39sgmjcncwrxpu.exe
- %WINDIR%\crsgndrkaomh\ptatcnze
- 'bu#####gairplane.net':80
- 'ev####gairplane.net':80
- 'mo####ntfence.net':80
- 'ou####efence.net':80
- 'bu####ngguard.net':80
- 'ev####gguard.net':80
- 'bu#####gstraight.net':80
- 'ev####gstraight.net':80
- 'mo#####tairplane.net':80
- 'ou####eairplane.net':80
- 'st####thbanker.net':80
- 'st###banker.net':80
- 'mo####ntguard.net':80
- 'ou####eguard.net':80
- 'mo#####tstraight.net':80
- 'ou####estraight.net':80
- 'bu####ngfence.net':80
- 'pr####airplane.net':80
- 'do####straight.net':80
- 'mi###fence.net':80
- 'do####airplane.net':80
- 'pr###yguard.net':80
- 'do###rfence.net':80
- 'pr####straight.net':80
- 'do###rguard.net':80
- 'mi####irplane.net':80
- 'st####traight.net':80
- 'ev####gfence.net':80
- 'st####irplane.net':80
- 'mi###guard.net':80
- 'st###fence.net':80
- 'mi####traight.net':80
- 'st###guard.net':80
- 'st####uccess.net':80
- 'fe####success.net':80
- 'fe####banker.net':80
- 'do###efound.net':80
- 'fe####spring.net':80
- 'br####spring.net':80
- 're####spring.net':80
- 'br###nfound.net':80
- 're###tfound.net':80
- 'pr####spring.net':80
- 'do####success.net':80
- 'pr###yfound.net':80
- 'do####spring.net':80
- 'pr####banker.net':80
- 'fe###wfound.net':80
- 'pr####success.net':80
- 'do####banker.net':80
- 'br####success.net':80
- 'de####banker.net':80
- 'st####thfound.net':80
- 'de####success.net':80
- 'pr####ebanker.net':80
- 'st###spring.net':80
- 'st####thsuccess.net':80
- 'st###found.net':80
- 'st####thspring.net':80
- 're####banker.net':80
- 'pr####efound.net':80
- 're####success.net':80
- 'br####banker.net':80
- 'de####spring.net':80
- 'pr####esuccess.net':80
- 'de###efound.net':80
- 'pr####espring.net':80
- http://bu#####gairplane.net/index.php
- http://ev####gairplane.net/index.php
- http://mo####ntfence.net/index.php
- http://ou####efence.net/index.php
- http://bu####ngguard.net/index.php
- http://ev####gguard.net/index.php
- http://bu#####gstraight.net/index.php
- http://ev####gstraight.net/index.php
- http://mo#####tairplane.net/index.php
- http://ou####eairplane.net/index.php
- http://st####thbanker.net/index.php
- http://st###banker.net/index.php
- http://mo####ntguard.net/index.php
- http://ou####eguard.net/index.php
- http://mo#####tstraight.net/index.php
- http://ou####estraight.net/index.php
- http://bu####ngfence.net/index.php
- http://pr####airplane.net/index.php
- http://do####straight.net/index.php
- http://mi###fence.net/index.php
- http://do####airplane.net/index.php
- http://pr###yguard.net/index.php
- http://do###rfence.net/index.php
- http://pr####straight.net/index.php
- http://do###rguard.net/index.php
- http://mi####irplane.net/index.php
- http://st####traight.net/index.php
- http://ev####gfence.net/index.php
- http://st####irplane.net/index.php
- http://mi###guard.net/index.php
- http://st###fence.net/index.php
- http://mi####traight.net/index.php
- http://st###guard.net/index.php
- http://st####uccess.net/index.php
- http://fe####success.net/index.php
- http://fe####banker.net/index.php
- http://do###efound.net/index.php
- http://fe####spring.net/index.php
- http://br####spring.net/index.php
- http://re####spring.net/index.php
- http://br###nfound.net/index.php
- http://re###tfound.net/index.php
- http://pr####spring.net/index.php
- http://do####success.net/index.php
- http://pr###yfound.net/index.php
- http://do####spring.net/index.php
- http://pr####banker.net/index.php
- http://fe###wfound.net/index.php
- http://pr####success.net/index.php
- http://do####banker.net/index.php
- http://br####success.net/index.php
- http://de####banker.net/index.php
- http://st####thfound.net/index.php
- http://de####success.net/index.php
- http://pr####ebanker.net/index.php
- http://st###spring.net/index.php
- http://st####thsuccess.net/index.php
- http://st###found.net/index.php
- http://st####thspring.net/index.php
- http://re####banker.net/index.php
- http://pr####efound.net/index.php
- http://re####success.net/index.php
- http://br####banker.net/index.php
- http://de####spring.net/index.php
- http://pr####esuccess.net/index.php
- http://de###efound.net/index.php
- http://pr####espring.net/index.php
- DNS ASK ev####gairplane.net
- DNS ASK bu#####gstraight.net
- DNS ASK ou####efence.net
- DNS ASK bu#####gairplane.net
- DNS ASK ev####gguard.net
- DNS ASK bu####ngfence.net
- DNS ASK ev####gstraight.net
- DNS ASK bu####ngguard.net
- DNS ASK mo####ntfence.net
- DNS ASK mo#####tairplane.net
- DNS ASK ou####eairplane.net
- DNS ASK st####thbanker.net
- DNS ASK st###banker.net
- DNS ASK mo####ntguard.net
- DNS ASK ou####eguard.net
- DNS ASK mo#####tstraight.net
- DNS ASK ou####estraight.net
- DNS ASK do####straight.net
- DNS ASK pr####straight.net
- DNS ASK do####airplane.net
- DNS ASK pr####airplane.net
- DNS ASK do###rfence.net
- DNS ASK pr###yfence.net
- DNS ASK do###rguard.net
- DNS ASK pr###yguard.net
- DNS ASK mi###fence.net
- DNS ASK mi####irplane.net
- DNS ASK st####traight.net
- DNS ASK ev####gfence.net
- DNS ASK st####irplane.net
- DNS ASK mi###guard.net
- DNS ASK st###fence.net
- DNS ASK mi####traight.net
- DNS ASK st###guard.net
- DNS ASK fe####banker.net
- DNS ASK br###nfound.net
- DNS ASK fe####spring.net
- DNS ASK fe####success.net
- DNS ASK re####spring.net
- DNS ASK br####success.net
- DNS ASK re###tfound.net
- DNS ASK br####spring.net
- DNS ASK do###efound.net
- DNS ASK pr####spring.net
- DNS ASK do####success.net
- DNS ASK pr###yfound.net
- DNS ASK do####spring.net
- DNS ASK pr####banker.net
- DNS ASK fe###wfound.net
- DNS ASK pr####success.net
- DNS ASK do####banker.net
- DNS ASK st####thfound.net
- DNS ASK st###found.net
- DNS ASK pr####ebanker.net
- DNS ASK de####banker.net
- DNS ASK st####thsuccess.net
- DNS ASK st####uccess.net
- DNS ASK st####thspring.net
- DNS ASK st###spring.net
- DNS ASK de####success.net
- DNS ASK re####banker.net
- DNS ASK pr####efound.net
- DNS ASK re####success.net
- DNS ASK br####banker.net
- DNS ASK de####spring.net
- DNS ASK pr####esuccess.net
- DNS ASK de###efound.net
- DNS ASK pr####espring.net
- ClassName: 'Shell_TrayWnd' WindowName: ''