Technical Information
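- [<HKLM>\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] 'Disk Microsoft NGEN Backup Machine Hardware' = 'C:\pesdxkyoxhp\ibgtyfqxwt.exe' (Run-key value: the listed executable is launched at every user logon)
- [<HKLM>\SYSTEM\ControlSet001\Services\iSCSI Netlogon Support Health] 'Start' = '00000002' (service start type 2: the service is started automatically at boot)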
- 'C:\pesdxkyoxhp\whvijnakwm.exe' "c:\pesdxkyoxhp\ibgtyfqxwt.exe"
- 'C:\pesdxkyoxhp\ibgtyfqxwt.exe'
- 'C:\pesdxkyoxhp\omrtm2qkmswhzykyey.exe'
- C:\pesdxkyoxhp\ibgtyfqxwt.exe
- C:\pesdxkyoxhp\whvijnakwm.exe
- C:\pesdxkyoxhp\is8djhse7qmz
- %WINDIR%\pesdxkyoxhp\jrlwcidpkq
- C:\pesdxkyoxhp\jrlwcidpkq
- C:\pesdxkyoxhp\omrtm2qkmswhzykyey.exe
- C:\pesdxkyoxhp\whvijnakwm.exe
- C:\pesdxkyoxhp\ibgtyfqxwt.exe
- C:\pesdxkyoxhp\omrtm2qkmswhzykyey.exe
- %WINDIR%\pesdxkyoxhp\jrlwcidpkq
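- 're####delight.net':80 (in this list and in the URL and DNS lists below, '#' stands in for masked characters, so the names are partial and cannot be used as exact-match indicators)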
- 'de####number.net':80
- 're#####lectricity.net':80
- 'va####sdelight.net':80
- 'fo####dposition.net':80
- 'de####strike.net':80
- 'fo####dnumber.net':80
- 'de####position.net':80
- 'ge####delight.net':80
- 'va####sborrow.net':80
- 'ge###etrain.net':80
- 'ge#####lectricity.net':80
- 're###ntrain.net':80
- 'va#####electricity.net':80
- 're####borrow.net':80
- 'va####strain.net':80
- 'gl####artial.net':80
- 'di####ultnumber.net':80
- 'gl###strike.net':80
- 'an####partial.net':80
- 'he####osition.net':80
- 'di####ultstrike.net':80
- 'he###number.net':80
- 'di#####ltposition.net':80
- 'fo####dpartial.net':80
- 'an####number.net':80
- 'fo####dstrike.net':80
- 'de####partial.net':80
- 'gl####osition.net':80
- 'an####strike.net':80
- 'gl###number.net':80
- 'an####position.net':80
- 'ne####arytrain.net':80
- 'pl#####telectricity.net':80
- 'ne####aryborrow.net':80
- 'pl####nttrain.net':80
- 'ne#####rydelight.net':80
- 'or###borrow.net':80
- 'ne######yelectricity.net':80
- 'pl####ntdelight.net':80
- 'he###train.net':80
- 'di######telectricity.net':80
- 'he###borrow.net':80
- 'di####ulttrain.net':80
- 'he####elight.net':80
- 'pl####ntborrow.net':80
- 'he#####ectricity.net':80
- 'di#####ltdelight.net':80
- 'he###ntrain.net':80
- 'le#####lectricity.net':80
- 'he####borrow.net':80
- 'le###rtrain.net':80
- 'he####delight.net':80
- 'ge####borrow.net':80
- 'he#####lectricity.net':80
- 'le####delight.net':80
- 're####etrain.net':80
- 'or#####ectricity.net':80
- 're####eborrow.net':80
- 'or###train.net':80
- 're####edelight.net':80
- 'le####borrow.net':80
- 're#####electricity.net':80
- 'or####elight.net':80
- http://re####delight.net/index.php?me########
- http://de####number.net/index.php?me########
- http://re#####lectricity.net/index.php?me########
- http://va####sdelight.net/index.php?me########
- http://fo####dposition.net/index.php?me########
- http://de####strike.net/index.php?me########
- http://fo####dnumber.net/index.php?me########
- http://de####position.net/index.php?me########
- http://ge####delight.net/index.php?me########
- http://va####sborrow.net/index.php?me########
- http://ge###etrain.net/index.php?me########
- http://ge#####lectricity.net/index.php?me########
- http://re###ntrain.net/index.php?me########
- http://va#####electricity.net/index.php?me########
- http://re####borrow.net/index.php?me########
- http://va####strain.net/index.php?me########
- http://gl####artial.net/index.php?me########
- http://di####ultnumber.net/index.php?me########
- http://gl###strike.net/index.php?me########
- http://an####partial.net/index.php?me########
- http://he####osition.net/index.php?me########
- http://di####ultstrike.net/index.php?me########
- http://he###number.net/index.php?me########
- http://di#####ltposition.net/index.php?me########
- http://fo####dpartial.net/index.php?me########
- http://an####number.net/index.php?me########
- http://fo####dstrike.net/index.php?me########
- http://de####partial.net/index.php?me########
- http://gl####osition.net/index.php?me########
- http://an####strike.net/index.php?me########
- http://gl###number.net/index.php?me########
- http://an####position.net/index.php?me########
- http://ne####arytrain.net/index.php?me########
- http://pl#####telectricity.net/index.php?me########
- http://ne####aryborrow.net/index.php?me########
- http://pl####nttrain.net/index.php?me########
- http://ne#####rydelight.net/index.php?me########
- http://or###borrow.net/index.php?me########
- http://ne######yelectricity.net/index.php?me########
- http://pl####ntdelight.net/index.php?me########
- http://he###train.net/index.php?me########
- http://di######telectricity.net/index.php?me########
- http://he###borrow.net/index.php?me########
- http://di####ulttrain.net/index.php?me########
- http://he####elight.net/index.php?me########
- http://pl####ntborrow.net/index.php?me########
- http://he#####ectricity.net/index.php?me########
- http://di#####ltdelight.net/index.php?me########
- http://he###ntrain.net/index.php?me########
- http://le#####lectricity.net/index.php?me########
- http://he####borrow.net/index.php?me########
- http://le###rtrain.net/index.php?me########
- http://he####delight.net/index.php?me########
- http://ge####borrow.net/index.php?me########
- http://he#####lectricity.net/index.php?me########
- http://le####delight.net/index.php?me########
- http://re####etrain.net/index.php?me########
- http://or#####ectricity.net/index.php?me########
- http://re####eborrow.net/index.php?me########
- http://or###train.net/index.php?me########
- http://re####edelight.net/index.php?me########
- http://le####borrow.net/index.php?me########
- http://re#####electricity.net/index.php?me########
- http://or####elight.net/index.php?me########
- DNS ASK de####number.net
- DNS ASK fo####dnumber.net
- DNS ASK va####sdelight.net
- DNS ASK re####delight.net
- DNS ASK de####strike.net
- DNS ASK fo####dstrike.net
- DNS ASK de####position.net
- DNS ASK fo####dposition.net
- DNS ASK va####sborrow.net
- DNS ASK re####borrow.net
- DNS ASK ge#####lectricity.net
- DNS ASK ge####delight.net
- DNS ASK va#####electricity.net
- DNS ASK re#####lectricity.net
- DNS ASK va####strain.net
- DNS ASK re###ntrain.net
- DNS ASK di####ultnumber.net
- DNS ASK he###number.net
- DNS ASK an####partial.net
- DNS ASK gl####artial.net
- DNS ASK di####ultstrike.net
- DNS ASK he###strike.net
- DNS ASK di#####ltposition.net
- DNS ASK he####osition.net
- DNS ASK an####number.net
- DNS ASK gl###number.net
- DNS ASK de####partial.net
- DNS ASK fo####dpartial.net
- DNS ASK an####strike.net
- DNS ASK gl###strike.net
- DNS ASK an####position.net
- DNS ASK gl####osition.net
- DNS ASK ge###etrain.net
- DNS ASK ne####arytrain.net
- DNS ASK pl#####telectricity.net
- DNS ASK ne####aryborrow.net
- DNS ASK pl####nttrain.net
- DNS ASK ne#####rydelight.net
- DNS ASK or###borrow.net
- DNS ASK ne######yelectricity.net
- DNS ASK pl####ntdelight.net
- DNS ASK he###train.net
- DNS ASK di######telectricity.net
- DNS ASK he###borrow.net
- DNS ASK di####ulttrain.net
- DNS ASK he####elight.net
- DNS ASK pl####ntborrow.net
- DNS ASK he#####ectricity.net
- DNS ASK di#####ltdelight.net
- DNS ASK he###ntrain.net
- DNS ASK le#####lectricity.net
- DNS ASK he####borrow.net
- DNS ASK le###rtrain.net
- DNS ASK he####delight.net
- DNS ASK ge####borrow.net
- DNS ASK he#####lectricity.net
- DNS ASK le####delight.net
- DNS ASK re####etrain.net
- DNS ASK or#####ectricity.net
- DNS ASK re####eborrow.net
- DNS ASK or###train.net
- DNS ASK re####edelight.net
- DNS ASK le####borrow.net
- DNS ASK re#####electricity.net
- DNS ASK or####elight.net
- ClassName: 'Shell_TrayWnd' WindowName: '' (Shell_TrayWnd is the window class of the Windows taskbar)