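Technical Information
Note: the group headings of this report are missing, so the entries below run together. In order, they are registry changes (an autorun value and a service), what appear to be launched processes, file paths, hosts contacted on port 80, HTTP requests, DNS queries, and a window lookup. The file paths are listed more than once, presumably under separate headings that are now missing. Domain names are partially masked with '#' as published, so they cannot serve as exact-match indicators. The directory and file names look randomly generated and may be specific to this sample.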
- [<HKLM>\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] 'Block Virtual Protected Host Distributed Files' = 'C:\sojjsip\pzdyxrhsbmx.exe'
- [<HKLM>\SYSTEM\ControlSet001\Services\Panel Link Receiver Computer] 'ImagePath' = 'C:\sojjsip\pzdyxrhsbmx.exe'
- [<HKLM>\SYSTEM\ControlSet001\Services\Panel Link Receiver Computer] 'Start' = '00000002' (service start type 2, i.e. the service is started automatically at boot)
- 'C:\sojjsip\wffpzbjhfp.exe' "c:\sojjsip\pzdyxrhsbmx.exe"
- 'C:\sojjsip\pzdyxrhsbmx.exe'
- 'C:\sojjsip\lrure2w3esxwmdwlpfu.exe'
- C:\sojjsip\pzdyxrhsbmx.exe
- C:\sojjsip\wffpzbjhfp.exe
- C:\sojjsip\lrure2w3esxwmdwlpfu.exe
- %WINDIR%\sojjsip\wvxesgipzfjl
- C:\sojjsip\wvxesgipzfjl
- C:\sojjsip\wffpzbjhfp.exe
- C:\sojjsip\pzdyxrhsbmx.exe
- C:\sojjsip\lrure2w3esxwmdwlpfu.exe
- %WINDIR%\sojjsip\wvxesgipzfjl
- 'si###ebeing.net':80
- 'mo###rbeing.net':80
- 'si####beyond.net':80
- 'mo####beyond.net':80
- 'si####bottom.net':80
- 'mo####bottom.net':80
- 'si####forever.net':80
- 'mo####forever.net':80
- 'la###bottom.net':80
- 'la###beyond.net':80
- 'se###abeing.net':80
- 'fi###close.net':80
- 'se####beyond.net':80
- 'la####orever.net':80
- 'se####bottom.net':80
- 'la###being.net':80
- 'se####forever.net':80
- 'mo####inbeyond.net':80
- 'pe####sforever.net':80
- 'wi####forever.net':80
- 'pe####sbeing.net':80
- 'wi###wbeing.net':80
- 'su####tbeyond.net':80
- 'wi###rbeing.net':80
- 'pe####sbottom.net':80
- 'wi####bottom.net':80
- 'wi####beyond.net':80
- 'po####lebeing.net':80
- 'mo####inforever.net':80
- 'po####lebeyond.net':80
- 'mo####inbeing.net':80
- 'po####lebottom.net':80
- 'pe####sbeyond.net':80
- 'po####leforever.net':80
- 'mo####inbottom.net':80
- 'cr###close.net':80
- 'th####tspace.net':80
- 'cr###yellow.net':80
- 'su###rclose.net':80
- 'wa###travel.net':80
- 'th####tyellow.net':80
- 'wa###space.net':80
- 'th####ttravel.net':80
- 'su####yellow.net':80
- 'be###close.net':80
- 'kn###close.net':80
- 'be###yellow.net':80
- 'kn###yellow.net':80
- 'su####travel.net':80
- 'cr###travel.net':80
- 'su###rspace.net':80
- 'cr###space.net':80
- 'wa###yellow.net':80
- 'fi###space.net':80
- 'pa###travel.net':80
- 'sm###close.net':80
- 'pa###space.net':80
- 'fi###yellow.net':80
- 'pa###close.net':80
- 'fi###travel.net':80
- 'pa###yellow.net':80
- 'wo###close.net':80
- 'wo###space.net':80
- 'sm###space.net':80
- 'th####tclose.net':80
- 'wa###close.net':80
- 'wo###yellow.net':80
- 'sm###yellow.net':80
- 'wo###travel.net':80
- 'sm###travel.net':80
- http://si###ebeing.net/index.php
- http://mo###rbeing.net/index.php
- http://si####beyond.net/index.php
- http://mo####beyond.net/index.php
- http://si####bottom.net/index.php
- http://mo####bottom.net/index.php
- http://si####forever.net/index.php
- http://mo####forever.net/index.php
- http://la###bottom.net/index.php
- http://la###beyond.net/index.php
- http://se###abeing.net/index.php
- http://fi###close.net/index.php
- http://se####beyond.net/index.php
- http://la####orever.net/index.php
- http://se####bottom.net/index.php
- http://la###being.net/index.php
- http://se####forever.net/index.php
- http://mo####inbeyond.net/index.php
- http://pe####sforever.net/index.php
- http://wi####forever.net/index.php
- http://pe####sbeing.net/index.php
- http://wi###wbeing.net/index.php
- http://su####tbeyond.net/index.php
- http://wi###rbeing.net/index.php
- http://pe####sbottom.net/index.php
- http://wi####bottom.net/index.php
- http://wi####beyond.net/index.php
- http://po####lebeing.net/index.php
- http://mo####inforever.net/index.php
- http://po####lebeyond.net/index.php
- http://mo####inbeing.net/index.php
- http://po####lebottom.net/index.php
- http://pe####sbeyond.net/index.php
- http://po####leforever.net/index.php
- http://mo####inbottom.net/index.php
- http://cr###close.net/index.php
- http://th####tspace.net/index.php
- http://cr###yellow.net/index.php
- http://su###rclose.net/index.php
- http://wa###travel.net/index.php
- http://th####tyellow.net/index.php
- http://wa###space.net/index.php
- http://th####ttravel.net/index.php
- http://su####yellow.net/index.php
- http://be###close.net/index.php
- http://kn###close.net/index.php
- http://be###yellow.net/index.php
- http://kn###yellow.net/index.php
- http://su####travel.net/index.php
- http://cr###travel.net/index.php
- http://su###rspace.net/index.php
- http://cr###space.net/index.php
- http://wa###yellow.net/index.php
- http://fi###space.net/index.php
- http://pa###travel.net/index.php
- http://sm###close.net/index.php
- http://pa###space.net/index.php
- http://fi###yellow.net/index.php
- http://pa###close.net/index.php
- http://fi###travel.net/index.php
- http://pa###yellow.net/index.php
- http://wo###close.net/index.php
- http://wo###space.net/index.php
- http://sm###space.net/index.php
- http://th####tclose.net/index.php
- http://wa###close.net/index.php
- http://wo###yellow.net/index.php
- http://sm###yellow.net/index.php
- http://wo###travel.net/index.php
- http://sm###travel.net/index.php
- DNS ASK mo###rbeing.net
- DNS ASK si####forever.net
- DNS ASK mo####beyond.net
- DNS ASK si###ebeing.net
- DNS ASK mo####bottom.net
- DNS ASK mo####inbeyond.net
- DNS ASK mo####forever.net
- DNS ASK si####bottom.net
- DNS ASK si####beyond.net
- DNS ASK se###abeing.net
- DNS ASK la###being.net
- DNS ASK se####beyond.net
- DNS ASK la###beyond.net
- DNS ASK se####bottom.net
- DNS ASK la###bottom.net
- DNS ASK se####forever.net
- DNS ASK la####orever.net
- DNS ASK po####lebeyond.net
- DNS ASK wi####forever.net
- DNS ASK pe####sbottom.net
- DNS ASK wi###wbeing.net
- DNS ASK pe####sforever.net
- DNS ASK wi###rbeing.net
- DNS ASK su####tbeing.net
- DNS ASK wi####bottom.net
- DNS ASK su####tbeyond.net
- DNS ASK pe####sbeing.net
- DNS ASK mo####inforever.net
- DNS ASK po####leforever.net
- DNS ASK mo####inbeing.net
- DNS ASK po####lebeing.net
- DNS ASK pe####sbeyond.net
- DNS ASK wi####beyond.net
- DNS ASK mo####inbottom.net
- DNS ASK po####lebottom.net
- DNS ASK fi###close.net
- DNS ASK cr###close.net
- DNS ASK th####tspace.net
- DNS ASK cr###yellow.net
- DNS ASK su###rclose.net
- DNS ASK wa###travel.net
- DNS ASK th####tyellow.net
- DNS ASK wa###space.net
- DNS ASK th####ttravel.net
- DNS ASK su####yellow.net
- DNS ASK be###close.net
- DNS ASK kn###close.net
- DNS ASK be###yellow.net
- DNS ASK kn###yellow.net
- DNS ASK su####travel.net
- DNS ASK cr###travel.net
- DNS ASK su###rspace.net
- DNS ASK cr###space.net
- DNS ASK wa###yellow.net
- DNS ASK fi###space.net
- DNS ASK pa###travel.net
- DNS ASK sm###close.net
- DNS ASK pa###space.net
- DNS ASK fi###yellow.net
- DNS ASK pa###close.net
- DNS ASK fi###travel.net
- DNS ASK pa###yellow.net
- DNS ASK wo###close.net
- DNS ASK wo###space.net
- DNS ASK sm###space.net
- DNS ASK th####tclose.net
- DNS ASK wa###close.net
- DNS ASK wo###yellow.net
- DNS ASK sm###yellow.net
- DNS ASK wo###travel.net
- DNS ASK sm###travel.net
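- ClassName: 'Shell_TrayWnd' WindowName: '' (a window lookup by class name with an empty window title; Shell_TrayWnd is the window class of the Windows taskbar)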