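Technical Information
Note: the host names in the network entries below are partially masked with '#', so they cannot be used as exact-match indicators. The registry value names and file paths are listed in full, but the directory and file names look randomly generated and may be specific to this sample.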
- [<HKLM>\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] 'Location Now AutoConnect Browser Update' = 'C:\zmczgvw\xdujalhrwcw.exe' (machine-wide Run key: the listed executable is launched at every user logon)
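- [<HKLM>\SYSTEM\ControlSet001\Services\PC Connection AutoConnect Image Smart] 'Start' = '00000002' (service start type 2 is SERVICE_AUTO_START: the service is started automatically at system startup)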
- 'C:\zmczgvw\myprkpkgzidq.exe' "c:\zmczgvw\xdujalhrwcw.exe"
- 'C:\zmczgvw\xdujalhrwcw.exe'
- 'C:\zmczgvw\qvcwm3zj3tbnywykmfh.exe'
- C:\zmczgvw\xdujalhrwcw.exe
- C:\zmczgvw\myprkpkgzidq.exe
- C:\zmczgvw\lvd5bgou
- %WINDIR%\zmczgvw\puc9xw1l
- C:\zmczgvw\puc9xw1l
- C:\zmczgvw\qvcwm3zj3tbnywykmfh.exe
- C:\zmczgvw\myprkpkgzidq.exe
- C:\zmczgvw\xdujalhrwcw.exe
- C:\zmczgvw\qvcwm3zj3tbnywykmfh.exe
- %WINDIR%\zmczgvw\puc9xw1l
- 'pl#####tairplane.net':80
- 'he###fence.net':80
- 'pl#####tstraight.net':80
- 'ne#####ryairplane.net':80
- 'di####ultguard.net':80
- 'he####traight.net':80
- 'di####ultfence.net':80
- 'he###guard.net':80
- 'or####irplane.net':80
- 'ne####aryfence.net':80
- 'or####traight.net':80
- 're####eairplane.net':80
- 'pl####ntguard.net':80
- 'ne#####rystraight.net':80
- 'pl####ntfence.net':80
- 'ne####aryguard.net':80
- 'di#####ltstraight.net':80
- 'fo####dfence.net':80
- 'de###efence.net':80
- 'gl####irplane.net':80
- 'an####airplane.net':80
- 'fo####dstraight.net':80
- 'de####straight.net':80
- 'fo####dguard.net':80
- 'de###eguard.net':80
- 'gl###fence.net':80
- 'an###rfence.net':80
- 'he####irplane.net':80
- 'di#####ltairplane.net':80
- 'gl####traight.net':80
- 'an####straight.net':80
- 'gl###guard.net':80
- 'an###rguard.net':80
- http://pl#####tairplane.net/index.php?me########
- http://he###fence.net/index.php?me########
- http://pl#####tstraight.net/index.php?me########
- http://ne#####ryairplane.net/index.php?me########
- http://di####ultguard.net/index.php?me########
- http://he####traight.net/index.php?me########
- http://di####ultfence.net/index.php?me########
- http://he###guard.net/index.php?me########
- http://or####irplane.net/index.php?me########
- http://ne####aryfence.net/index.php?me########
- http://or####traight.net/index.php?me########
- http://re####eairplane.net/index.php?me########
- http://pl####ntguard.net/index.php?me########
- http://ne#####rystraight.net/index.php?me########
- http://pl####ntfence.net/index.php?me########
- http://ne####aryguard.net/index.php?me########
- http://di#####ltstraight.net/index.php?me########
- http://fo####dfence.net/index.php?me########
- http://de###efence.net/index.php?me########
- http://gl####irplane.net/index.php?me########
- http://an####airplane.net/index.php?me########
- http://fo####dstraight.net/index.php?me########
- http://de####straight.net/index.php?me########
- http://fo####dguard.net/index.php?me########
- http://de###eguard.net/index.php?me########
- http://gl###fence.net/index.php?me########
- http://an###rfence.net/index.php?me########
- http://he####irplane.net/index.php?me########
- http://di#####ltairplane.net/index.php?me########
- http://gl####traight.net/index.php?me########
- http://an####straight.net/index.php?me########
- http://gl###guard.net/index.php?me########
- http://an###rguard.net/index.php?me########
- DNS ASK pl#####tairplane.net
- DNS ASK he###fence.net
- DNS ASK pl#####tstraight.net
- DNS ASK ne#####ryairplane.net
- DNS ASK di####ultguard.net
- DNS ASK he####traight.net
- DNS ASK di####ultfence.net
- DNS ASK he###guard.net
- DNS ASK ne#####rystraight.net
- DNS ASK re####eairplane.net
- DNS ASK or####irplane.net
- DNS ASK re####estraight.net
- DNS ASK or####traight.net
- DNS ASK ne####aryguard.net
- DNS ASK pl####ntguard.net
- DNS ASK ne####aryfence.net
- DNS ASK pl####ntfence.net
- DNS ASK fo####dfence.net
- DNS ASK de###efence.net
- DNS ASK gl####irplane.net
- DNS ASK an####airplane.net
- DNS ASK fo####dstraight.net
- DNS ASK de####straight.net
- DNS ASK fo####dguard.net
- DNS ASK de###eguard.net
- DNS ASK an####straight.net
- DNS ASK di#####ltairplane.net
- DNS ASK gl###fence.net
- DNS ASK di#####ltstraight.net
- DNS ASK he####irplane.net
- DNS ASK an###rguard.net
- DNS ASK gl####traight.net
- DNS ASK an###rfence.net
- DNS ASK gl###guard.net
- ClassName: 'Shell_TrayWnd' WindowName: '' (Shell_TrayWnd is the window class of the Windows taskbar)