Technical Information
Registry changes (persistence: a Run autostart value and a service set to start automatically, 'Start' = 2, both pointing to the same executable):
- [<HKLM>\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] 'WMI Image Thread Netlogon Cache' = 'C:\do8s3yh5\qgeeavxdbvx.exe'
- [<HKLM>\SYSTEM\ControlSet001\Services\Debugger Font Software Desktop Net.Tcp Visual] 'Start' = '00000002'
- [<HKLM>\SYSTEM\ControlSet001\Services\Debugger Font Software Desktop Net.Tcp Visual] 'ImagePath' = 'C:\do8s3yh5\qgeeavxdbvx.exe'
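File system activity (any sub-headings distinguishing created, modified and deleted files are not present in this copy, which is probably why some paths appear more than once):
- %WINDIR%\do8s3yh5\zjdhrmplsbzb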
- C:\do8s3yh5\zjdhrmplsbzb
- C:\do8s3yh5\vuw177z2kp8qyeubbzchfq2.exe
- C:\do8s3yh5\qgeeavxdbvx.exe
- C:\do8s3yh5\gnnjhqwry7pt.exe
- C:\do8s3yh5\otpv2ayoiddu
- C:\do8s3yh5\qgeeavxdbvx.exe
- C:\do8s3yh5\gnnjhqwry7pt.exe
- %WINDIR%\do8s3yh5\zjdhrmplsbzb
- C:\do8s3yh5\vuw177z2kp8qyeubbzchfq2.exe
- %WINDIR%\do8s3yh5\zjdhrmplsbzb
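Network activity: connections to the following hosts on port 80 (host names are partially masked with '#' in this report, so they cannot be matched verbatim as indicators):
- 'sp##tnav.ru':80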
- 'na##top.ru':80
- 'ha####nhalflion.net':80
- 'do##bate.cn':80
- 'ca#####eeitinthecup.org':80
- 'ch#####lefairclough.net':80
- 'an#####letimothyson.net':80
- 'pr####anabolikov.ru':80
- 'gu#####entimothyson.ru':80
- 'ge#####naaugustine.net':80
- 'an#####lefairbairn.net':80
- 'gu#####enfairbairn.net':80
- 'gu#####entimothyson.net':80
- 'an#####lefairclough.net':80
- 'an#####leaugustine.ru':80
- 'bu####rmansion.com':80
- 'si###ypeas.net':80
- 'sc#####epuzzlechess.org':80
- 'cl####portsmen.com':80
- 'ye####gdongwu.cn':80
- 'sc####ainbow.net':80
- 'pi##asia.cn':80
- 'ga####liongrass.net':80
- 'so####ryducks.com':80
- 'ta#####pielenreiten.org':80
- 'ga#####yundongyuan.cn':80
- 'ch#####nebeverley.net':80
- 'ch#####leaugustine.net':80
- 'un###lgrain.org':80
- 'ch####isportsmen.ru':80
- 'ka#######ayajivayapriroda.ru':80
- 'pr##card.ru':80
- 'cl#####ortswomen.com':80
- 'ag#####anabolics.com':80
- 'gr###factory.cn':80
- 'to###tosales.ru':80
- 'gu##155.cn':80
- 'ch#####netatyanna.net':80
HTTP requests (same hosts as the port 80 connections, each to /index.php):
- http://sp##tnav.ru/index.php
- http://na##top.ru/index.php
- http://ha####nhalflion.net/index.php
- http://do##bate.cn/index.php
- http://ca#####eeitinthecup.org/index.php
- http://ch#####lefairclough.net/index.php
- http://an#####letimothyson.net/index.php
- http://pr####anabolikov.ru/index.php
- http://gu#####entimothyson.ru/index.php
- http://ge#####naaugustine.net/index.php
- http://an#####lefairbairn.net/index.php
- http://gu#####enfairbairn.net/index.php
- http://gu#####entimothyson.net/index.php
- http://an#####lefairclough.net/index.php
- http://an#####leaugustine.ru/index.php
- http://bu####rmansion.com/index.php
- http://si###ypeas.net/index.php
- http://sc#####epuzzlechess.org/index.php
- http://cl####portsmen.com/index.php
- http://ye####gdongwu.cn/index.php
- http://sc####ainbow.net/index.php
- http://pi##asia.cn/index.php
- http://ga####liongrass.net/index.php
- http://so####ryducks.com/index.php
- http://ta#####pielenreiten.org/index.php
- http://ga#####yundongyuan.cn/index.php
- http://ch#####nebeverley.net/index.php
- http://ch#####leaugustine.net/index.php
- http://un###lgrain.org/index.php
- http://ch####isportsmen.ru/index.php
- http://ka#######ayajivayapriroda.ru/index.php
- http://pr##card.ru/index.php
- http://cl#####ortswomen.com/index.php
- http://ag#####anabolics.com/index.php
- http://gr###factory.cn/index.php
- http://to###tosales.ru/index.php
- http://gu##155.cn/index.php
- http://ch#####netatyanna.net/index.php
DNS queries:
- DNS ASK sp##tnav.ru
- DNS ASK co#####cemackenzie.net
- DNS ASK ha#####tajermaine.net
- DNS ASK co#####cejermaine.net
- DNS ASK ch#####tafleurette.net
- DNS ASK ka#####rafleurette.ru
- DNS ASK ka#####rafleurette.net
- DNS ASK ch#####tawinthrop.net
- DNS ASK ka#####rawinthrop.net
- DNS ASK ch#####tamackenzie.net
- DNS ASK ka#####ramackenzie.net
- DNS ASK ch#####tajermaine.ru
- DNS ASK ka#####rajermaine.net
- DNS ASK ch#####tajermaine.net
- DNS ASK ja#####ynmackenzie.ru
- DNS ASK ma#####anfleurette.net
- DNS ASK pr#####lawinthrop.ru
- DNS ASK ma#####anwinthrop.net
- DNS ASK pr#####lawinthrop.net
- DNS ASK ma#####anmackenzie.net
- DNS ASK pr#####lamackenzie.net
- DNS ASK ma#####anjermaine.net
- DNS ASK pr#####lajermaine.net
- DNS ASK de#####stfleurette.ru
- DNS ASK de#####stfleurette.net
- DNS ASK la#####iafleurette.net
- DNS ASK de#####stwinthrop.net
- DNS ASK la#####iawinthrop.net
- DNS ASK de#####stmackenzie.net
- DNS ASK ha#####tamackenzie.ru
- DNS ASK ha#####tamackenzie.net
- DNS ASK co#####cewinthrop.net
- DNS ASK ha#####tawinthrop.net
- DNS ASK co#####cefleurette.net
- DNS ASK cl#####ndfleurette.net
- DNS ASK ch#####newinthrop.net
- DNS ASK cl#####ndwinthrop.ru
- DNS ASK cl#####ndwinthrop.net
- DNS ASK ch#####nemackenzie.net
- DNS ASK ch#####nejermaine.net
- DNS ASK cl#####ndmackenzie.net
- DNS ASK cr#####onfleurette.ru
- DNS ASK cl#####ndjermaine.net
- DNS ASK ja#####ynfleurette.net
- DNS ASK cr#####onfleurette.net
- DNS ASK cr#####onwinthrop.net
- DNS ASK ja#####ynwinthrop.net
- DNS ASK la#####iamackenzie.ru
- DNS ASK pr#####lafleurette.net
- DNS ASK cr#####onmackenzie.net
- DNS ASK cr#####onjermaine.net
- DNS ASK ja#####ynjermaine.net
- DNS ASK ro#####nefleurette.net
- DNS ASK ja#####tafleurette.net
- DNS ASK ro#####newinthrop.ru
- DNS ASK ro#####newinthrop.net
- DNS ASK ja#####tawinthrop.net
- DNS ASK ro#####nemackenzie.net
- DNS ASK ja#####tamackenzie.net
- DNS ASK ro#####nejermaine.net
- DNS ASK ja#####tajermaine.ru
- DNS ASK ja#####tajermaine.net
- DNS ASK ha#####tafleurette.net
- DNS ASK ch#####nefleurette.net
- DNS ASK ja#####ynmackenzie.net
- DNS ASK ch######ecollingwood.net
- DNS ASK ma#####anstephenson.net
- DNS ASK la#####iajermaine.net
- DNS ASK ja######acollingwood.net
- DNS ASK ro#####nestephenson.net
- DNS ASK ja#####tastephenson.net
- DNS ASK ha#####tachristinsen.ru
- DNS ASK ha######achristinsen.net
- DNS ASK co######echristinsen.net
- DNS ASK ha#####tagabrielson.net
- DNS ASK co#####cegabrielson.net
- DNS ASK ha######acollingwood.net
- DNS ASK co#####cecollingwood.ru
- DNS ASK co######ecollingwood.net
- DNS ASK ha#####tastephenson.net
- DNS ASK co#####cestephenson.net
- DNS ASK la#####iamackenzie.net
- DNS ASK ka######achristinsen.net
- DNS ASK ch#####tagabrielson.net
- DNS ASK ka#####ragabrielson.net
- DNS ASK ka######acollingwood.net
- DNS ASK ch#####tastephenson.net
- DNS ASK ma#####angabrielson.net
- DNS ASK pr#####lagabrielson.net
- DNS ASK pr######achristinsen.net
- DNS ASK ka#####rastephenson.ru
- DNS ASK ma######nchristinsen.net
- DNS ASK ka#####rastephenson.net
- DNS ASK ma#####ancollingwood.ru
- DNS ASK ma######ncollingwood.net
- DNS ASK pr######acollingwood.net
- DNS ASK ja#####tagabrielson.net
- DNS ASK ro######ecollingwood.net
- DNS ASK ja#####tagabrielson.ru
- DNS ASK ro#####negabrielson.net
- DNS ASK ja######achristinsen.net
- DNS ASK se######nchristinsen.net
- DNS ASK ch#####nagabrielson.ru
- DNS ASK ch#####nagabrielson.net
- DNS ASK se#####angabrielson.net
- DNS ASK ch######acollingwood.net
- DNS ASK se######ncollingwood.net
- DNS ASK ch#####nastephenson.net
- DNS ASK se#####anstephenson.ru
- DNS ASK se#####anstephenson.net
- DNS ASK ch######echristinsen.net
- DNS ASK cl######dchristinsen.net
- DNS ASK ch#####negabrielson.net
- DNS ASK cl#####ndgabrielson.net
- DNS ASK de#####stjermaine.net
- DNS ASK se#####anjermaine.net
- DNS ASK ch#####necollingwood.ru
- DNS ASK ch#####nestephenson.net
- DNS ASK cl#####ndstephenson.net
- DNS ASK cr######nchristinsen.net
- DNS ASK ja######nchristinsen.net
- DNS ASK ja#####ynchristinsen.ru
- DNS ASK cr#####ongabrielson.net
- DNS ASK ja#####yngabrielson.net
- DNS ASK cr######ncollingwood.net
- DNS ASK ja######ncollingwood.net
- DNS ASK cr#####onstephenson.ru
- DNS ASK cr#####onstephenson.net
- DNS ASK ja#####ynstephenson.net
- DNS ASK ro######echristinsen.net
- DNS ASK ch######achristinsen.net
- DNS ASK cl######dcollingwood.net
- DNS ASK ch#####tagabrielson.ru
- DNS ASK ch#####najermaine.net
- DNS ASK la#####iaesmeralda.net
- DNS ASK ch#####nebeverley.net
- DNS ASK ch#####netatyanna.net
- DNS ASK ch#####anfairclough.net
- DNS ASK an#####leaugustine.net
- DNS ASK cl#####ndesmeralda.net
- DNS ASK ch#####neethelinda.net
- DNS ASK ch#####naesmeralda.ru
- DNS ASK ch#####anaugustine.net
- DNS ASK gw#####refairbairn.net
- DNS ASK se#####anesmeralda.net
- DNS ASK ch#####nabeverley.net
- DNS ASK se#####anethelinda.ru
- DNS ASK ch#####naethelinda.net
- DNS ASK gr###factory.cn
- DNS ASK se#####anbeverley.net
- DNS ASK ch#####anfairbairn.net
- DNS ASK ch#####naesmeralda.net
- DNS ASK gw#####reaugustine.net
- DNS ASK cl#####ndethelinda.net
- DNS ASK cl#####ndtatyanna.ru
- DNS ASK se#####anethelinda.net
- DNS ASK ch#####antimothyson.net
- DNS ASK gu#####enfairclough.net
- DNS ASK se#####antatyanna.net
- DNS ASK ch#####nebeverley.ru
- DNS ASK ch#####natatyanna.net
- DNS ASK ch#####anfairbairn.ru
- DNS ASK gw#####retimothyson.net
- DNS ASK an#####lefairclough.net
- DNS ASK an#####leaugustine.ru
- DNS ASK gu#####entimothyson.net
- DNS ASK gu#####enfairbairn.net
- DNS ASK an#####lefairbairn.net
- DNS ASK sc####ainbow.net
- DNS ASK pi##asia.cn
- DNS ASK ga####liongrass.net
- DNS ASK so####ryducks.com
- DNS ASK ta#####pielenreiten.org
- DNS ASK ga#####yundongyuan.cn
- DNS ASK un###lgrain.org
- DNS ASK pr####anabolikov.ru
- DNS ASK gu##155.cn
- DNS ASK ch####isportsmen.ru
- DNS ASK ka#######ayajivayapriroda.ru
- DNS ASK pr##card.ru
- DNS ASK cl#####ortswomen.com
- DNS ASK ch#####neesmeralda.net
- DNS ASK gw#####refairclough.net
- DNS ASK ag#####anabolics.com
- DNS ASK cl####portsmen.com
- DNS ASK sc#####epuzzlechess.org
- DNS ASK bu####rmansion.com
- DNS ASK si###ypeas.net
- DNS ASK na##top.ru
- DNS ASK ha####nhalflion.net
- DNS ASK do##bate.cn
- DNS ASK ca#####eeitinthecup.org
- DNS ASK ch#####lefairclough.net
- DNS ASK an#####letimothyson.net
- DNS ASK gu#####entimothyson.ru
- DNS ASK ch#####leaugustine.net
- DNS ASK ge#####naaugustine.net
- DNS ASK to###tosales.ru
- DNS ASK ye####gdongwu.cn
- DNS ASK ja#####taethelinda.net
- DNS ASK se#####anmackenzie.net
- DNS ASK cl#####ndtatyanna.net
- DNS ASK ch#####tatatyanna.net
- DNS ASK ka#####raethelinda.ru
- DNS ASK ka#####ratatyanna.net
- DNS ASK ma#####anesmeralda.net
- DNS ASK pr#####laesmeralda.net
- DNS ASK ma#####anbeverley.ru
- DNS ASK ma#####anbeverley.net
- DNS ASK pr#####labeverley.net
- DNS ASK ma#####anethelinda.net
- DNS ASK pr#####laethelinda.net
- DNS ASK ma#####antatyanna.net
- DNS ASK pr#####latatyanna.ru
- DNS ASK pr#####latatyanna.net
- DNS ASK gu#####enaugustine.net
- DNS ASK de#####stesmeralda.net
- DNS ASK de#####stbeverley.net
- DNS ASK la#####iabeverley.net
- DNS ASK de#####stethelinda.ru
- DNS ASK de#####stethelinda.net
- DNS ASK la#####iaethelinda.net
- DNS ASK de#####sttatyanna.net
- DNS ASK la#####iatatyanna.net
- DNS ASK ch#####nafleurette.net
- DNS ASK se#####anfleurette.ru
- DNS ASK se#####anfleurette.net
- DNS ASK ch#####nawinthrop.net
- DNS ASK ch#####namackenzie.net
- DNS ASK se#####anwinthrop.net
- DNS ASK ka#####raethelinda.net
- DNS ASK ch#####taethelinda.net
- DNS ASK ch#####tabeverley.net
- DNS ASK ka#####rabeverley.net
- DNS ASK ka#####raesmeralda.net
- DNS ASK ja#####ynesmeralda.net
- DNS ASK cr#####onbeverley.net
- DNS ASK ja#####ynbeverley.net
- DNS ASK cr#####onethelinda.ru
- DNS ASK cr#####onethelinda.net
- DNS ASK ja#####ynethelinda.net
- DNS ASK cr#####ontatyanna.net
- DNS ASK ja#####yntatyanna.net
- DNS ASK ro#####neesmeralda.net
- DNS ASK ja#####taesmeralda.ru
- DNS ASK ja#####taesmeralda.net
- DNS ASK ro#####nebeverley.net
- DNS ASK ja#####tabeverley.net
- DNS ASK cl#####ndbeverley.net
- DNS ASK ch#####najermaine.ru
- DNS ASK ro#####neethelinda.net
- DNS ASK ro#####netatyanna.net
- DNS ASK ja#####tatatyanna.net
- DNS ASK ha#####taesmeralda.net
- DNS ASK co#####ceesmeralda.net
- DNS ASK ha#####tabeverley.net
- DNS ASK co#####cebeverley.ru
- DNS ASK co#####cebeverley.net
- DNS ASK ha#####taethelinda.net
- DNS ASK co#####ceethelinda.net
- DNS ASK ha#####tatatyanna.net
- DNS ASK co#####cetatyanna.net
- DNS ASK ch#####taesmeralda.ru
- DNS ASK ch#####taesmeralda.net
- DNS ASK cr#####onesmeralda.net
- DNS ASK ro#####netatyanna.ru
- DNS ASK pr#####lastephenson.net
Command lines (presumably processes started by the sample):
- 'C:\do8s3yh5\vuw177z2kp8qyeubbzchfq2.exe'
- 'C:\do8s3yh5\qgeeavxdbvx.exe'
- 'C:\do8s3yh5\gnnjhqwry7pt.exe' "c:\do8s3yh5\qgeeavxdbvx.exe"