Technical Information
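- Persistence (one Run-key autorun value and one service registration, both pointing at the same executable; the value and service names are strings of Windows-sounding component terms):
- [<HKLM>\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] 'Detection Notification File KtmRm Alerts' = 'C:\bzowdcwmmrv\jruioqxpow.exe'
- [<HKLM>\SYSTEM\ControlSet001\Services\Device Cache Locator BranchCache Logs] 'ImagePath' = 'C:\bzowdcwmmrv\jruioqxpow.exe'
- [<HKLM>\SYSTEM\ControlSet001\Services\Device Cache Locator BranchCache Logs] 'Start' = '00000002' (service start type 2 = started automatically at boot)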
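- The quoted entries that follow appear to be process launches; the first passes the path of jruioqxpow.exe as an argument to vkowedwpbd.exe:
- 'C:\bzowdcwmmrv\vkowedwpbd.exe' "c:\bzowdcwmmrv\jruioqxpow.exe"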
- 'C:\bzowdcwmmrv\jruioqxpow.exe'
- 'C:\bzowdcwmmrv\nml2g1pu2gob1jjshc.exe'
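- The unquoted paths that follow repeat because they appear to come from separate file-activity lists; this page does not show which action each list records:
- C:\bzowdcwmmrv\jruioqxpow.exe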
- C:\bzowdcwmmrv\vkowedwpbd.exe
- C:\bzowdcwmmrv\nml2g1pu2gob1jjshc.exe
- %WINDIR%\bzowdcwmmrv\kqgjc83i
- C:\bzowdcwmmrv\kqgjc83i
- C:\bzowdcwmmrv\vkowedwpbd.exe
- C:\bzowdcwmmrv\jruioqxpow.exe
- C:\bzowdcwmmrv\nml2g1pu2gob1jjshc.exe
- %WINDIR%\bzowdcwmmrv\kqgjc83i
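- Hosts contacted on TCP port 80. The '#' characters appear to be masking applied by the publisher, so each name is partial and cannot be used as an exact-match indicator. The visible parts look like two dictionary words joined under .net, which would be consistent with algorithmically generated domains; detection is better keyed to that naming pattern than to any single name:
- 'fi###eguard.net':80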
- 'th###hguard.net':80
- 'th####straight.net':80
- 'th####airplane.net':80
- 'fi####straight.net':80
- 'ci#####teairplane.net':80
- 'pi####estraight.net':80
- 'pi####eairplane.net':80
- 'fi###efence.net':80
- 'th###hfence.net':80
- 'wh####rstraight.net':80
- 'ri####traight.net':80
- 'ri####irplane.net':80
- 'fo####nfence.net':80
- 'wh####rairplane.net':80
- 'ri###fence.net':80
- 'fi####airplane.net':80
- 'wh####rfence.net':80
- 'wh####rguard.net':80
- 'ri###guard.net':80
- 'ci#####testraight.net':80
- 'en####hairplane.net':80
- 'ei####straight.net':80
- 'ei####airplane.net':80
- 'ch####enfence.net':80
- 'fa###yfence.net':80
- 'ei###rfence.net':80
- 'en####hfence.net':80
- 'en####hguard.net':80
- 'en####hstraight.net':80
- 'ei###rguard.net':80
- 'ci####ttefence.net':80
- 'ch#####nairplane.net':80
- 'pi####efence.net':80
- 'pi####eguard.net':80
- 'ci####tteguard.net':80
- 'ch####enguard.net':80
- 'fa###yguard.net':80
- 'fa####straight.net':80
- 'fa####airplane.net':80
- 'ch#####nstraight.net':80
- 'en####hspring.net':80
- 'ei####success.net':80
- 'ei####spring.net':80
- 'ei###rfound.net':80
- 'en####hfound.net':80
- 'ex####airplane.net':80
- 'be####eairplane.net':80
- 'en####hbanker.net':80
- 'en####hsuccess.net':80
- 'ei####banker.net':80
- 'fa###yfound.net':80
- 'ch####enspring.net':80
- 'ch####enfound.net':80
- 'pi####ebanker.net':80
- 'ci####ttebanker.net':80
- 'ch####enbanker.net':80
- 'fa####banker.net':80
- 'fa####success.net':80
- 'fa####spring.net':80
- 'ch####ensuccess.net':80
- 'ex####straight.net':80
- 'su####airplane.net':80
- 'fo####nairplane.net':80
- 'ma####efence.net':80
- 'ma####eguard.net':80
- 'pe###nfence.net':80
- 'fo####nguard.net':80
- 'su###nfence.net':80
- 'su###nguard.net':80
- 'su####straight.net':80
- 'fo####nstraight.net':80
- 'ex###tfence.net':80
- 'be####efence.net':80
- 'be####eguard.net':80
- 'be####estraight.net':80
- 'ex###tguard.net':80
- 'ma####estraight.net':80
- 'pe###nguard.net':80
- 'pe####straight.net':80
- 'pe####airplane.net':80
- 'ma####eairplane.net':80
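- HTTP requests (unencrypted, every one to the path /index.php) for the masked hosts, in the same order as the host list above:
- http://fi###eguard.net/index.php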
- http://th###hguard.net/index.php
- http://th####straight.net/index.php
- http://th####airplane.net/index.php
- http://fi####straight.net/index.php
- http://ci#####teairplane.net/index.php
- http://pi####estraight.net/index.php
- http://pi####eairplane.net/index.php
- http://fi###efence.net/index.php
- http://th###hfence.net/index.php
- http://wh####rstraight.net/index.php
- http://ri####traight.net/index.php
- http://ri####irplane.net/index.php
- http://fo####nfence.net/index.php
- http://wh####rairplane.net/index.php
- http://ri###fence.net/index.php
- http://fi####airplane.net/index.php
- http://wh####rfence.net/index.php
- http://wh####rguard.net/index.php
- http://ri###guard.net/index.php
- http://ci#####testraight.net/index.php
- http://en####hairplane.net/index.php
- http://ei####straight.net/index.php
- http://ei####airplane.net/index.php
- http://ch####enfence.net/index.php
- http://fa###yfence.net/index.php
- http://ei###rfence.net/index.php
- http://en####hfence.net/index.php
- http://en####hguard.net/index.php
- http://en####hstraight.net/index.php
- http://ei###rguard.net/index.php
- http://ci####ttefence.net/index.php
- http://ch#####nairplane.net/index.php
- http://pi####efence.net/index.php
- http://pi####eguard.net/index.php
- http://ci####tteguard.net/index.php
- http://ch####enguard.net/index.php
- http://fa###yguard.net/index.php
- http://fa####straight.net/index.php
- http://fa####airplane.net/index.php
- http://ch#####nstraight.net/index.php
- http://en####hspring.net/index.php
- http://ei####success.net/index.php
- http://ei####spring.net/index.php
- http://ei###rfound.net/index.php
- http://en####hfound.net/index.php
- http://ex####airplane.net/index.php
- http://be####eairplane.net/index.php
- http://en####hbanker.net/index.php
- http://en####hsuccess.net/index.php
- http://ei####banker.net/index.php
- http://fa###yfound.net/index.php
- http://ch####enspring.net/index.php
- http://ch####enfound.net/index.php
- http://pi####ebanker.net/index.php
- http://ci####ttebanker.net/index.php
- http://ch####enbanker.net/index.php
- http://fa####banker.net/index.php
- http://fa####success.net/index.php
- http://fa####spring.net/index.php
- http://ch####ensuccess.net/index.php
- http://ex####straight.net/index.php
- http://su####airplane.net/index.php
- http://fo####nairplane.net/index.php
- http://ma####efence.net/index.php
- http://ma####eguard.net/index.php
- http://pe###nfence.net/index.php
- http://fo####nguard.net/index.php
- http://su###nfence.net/index.php
- http://su###nguard.net/index.php
- http://su####straight.net/index.php
- http://fo####nstraight.net/index.php
- http://ex###tfence.net/index.php
- http://be####efence.net/index.php
- http://be####eguard.net/index.php
- http://be####estraight.net/index.php
- http://ex###tguard.net/index.php
- http://ma####estraight.net/index.php
- http://pe###nguard.net/index.php
- http://pe####straight.net/index.php
- http://pe####airplane.net/index.php
- http://ma####eairplane.net/index.php
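- DNS queries. The list includes mo####ntmatter.net, which has no matching entry in the host or URL lists above:
- DNS ASK th###hguard.net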
- DNS ASK fi###efence.net
- DNS ASK fi###eguard.net
- DNS ASK fi####straight.net
- DNS ASK th####straight.net
- DNS ASK pi####estraight.net
- DNS ASK ci#####testraight.net
- DNS ASK ci#####teairplane.net
- DNS ASK th###hfence.net
- DNS ASK pi####eairplane.net
- DNS ASK ri####traight.net
- DNS ASK wh####rguard.net
- DNS ASK wh####rstraight.net
- DNS ASK wh####rairplane.net
- DNS ASK ri####irplane.net
- DNS ASK fi####airplane.net
- DNS ASK th####airplane.net
- DNS ASK ri###fence.net
- DNS ASK ri###guard.net
- DNS ASK wh####rfence.net
- DNS ASK pi####eguard.net
- DNS ASK ei####straight.net
- DNS ASK en####hstraight.net
- DNS ASK en####hairplane.net
- DNS ASK fa###yfence.net
- DNS ASK ei####airplane.net
- DNS ASK en####hfence.net
- DNS ASK mo####ntmatter.net
- DNS ASK ei###rfence.net
- DNS ASK ei###rguard.net
- DNS ASK en####hguard.net
- DNS ASK ch#####nairplane.net
- DNS ASK fa####airplane.net
- DNS ASK ci####ttefence.net
- DNS ASK ci####tteguard.net
- DNS ASK pi####efence.net
- DNS ASK fa###yguard.net
- DNS ASK ch####enfence.net
- DNS ASK ch####enguard.net
- DNS ASK ch#####nstraight.net
- DNS ASK fa####straight.net
- DNS ASK fo####nfence.net
- DNS ASK en####hspring.net
- DNS ASK ei####success.net
- DNS ASK ei####spring.net
- DNS ASK ei###rfound.net
- DNS ASK en####hfound.net
- DNS ASK ex####airplane.net
- DNS ASK be####eairplane.net
- DNS ASK en####hbanker.net
- DNS ASK en####hsuccess.net
- DNS ASK ei####banker.net
- DNS ASK fa###yfound.net
- DNS ASK ch####enspring.net
- DNS ASK ch####enfound.net
- DNS ASK pi####ebanker.net
- DNS ASK ci####ttebanker.net
- DNS ASK ch####enbanker.net
- DNS ASK fa####banker.net
- DNS ASK fa####success.net
- DNS ASK fa####spring.net
- DNS ASK ch####ensuccess.net
- DNS ASK ex####straight.net
- DNS ASK su####airplane.net
- DNS ASK fo####nairplane.net
- DNS ASK ma####efence.net
- DNS ASK ma####eguard.net
- DNS ASK pe###nfence.net
- DNS ASK fo####nguard.net
- DNS ASK su###nfence.net
- DNS ASK su###nguard.net
- DNS ASK su####straight.net
- DNS ASK fo####nstraight.net
- DNS ASK ex###tfence.net
- DNS ASK be####efence.net
- DNS ASK be####eguard.net
- DNS ASK be####estraight.net
- DNS ASK ex###tguard.net
- DNS ASK ma####estraight.net
- DNS ASK pe###nguard.net
- DNS ASK pe####straight.net
- DNS ASK pe####airplane.net
- DNS ASK ma####eairplane.net
- ClassName: 'Shell_TrayWnd' WindowName: '' (Shell_TrayWnd is the window class of the Windows taskbar)