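Technical Information
Note: the section headings of the original report are missing from this listing. Judging by their content, the entries below appear to cover, in order, autorun registry changes, file-system activity, network connections (port 80), HTTP requests, DNS queries and launched processes. The Run value and the service 'ImagePath' both point to C:\taenu1oan\zbjg0iz2.exe, and a service 'Start' value of 2 means the service is started automatically at boot, so both persistence entries have to be removed during cleanup. The '#####' in the host names looks like masking applied by the publisher, so the domains as printed cannot be used directly as blocklist entries. The parts that can be matched as printed are the /index.php requests over port 80 and the random-looking directory C:\taenu1oan.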
- [<HKLM>\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] 'Session Compatibility Protected' = 'C:\taenu1oan\zbjg0iz2.exe'
- [<HKLM>\SYSTEM\ControlSet001\Services\Video IPsec IKE Adapter Redirector PNRP Fax] 'Start' = '00000002'
- [<HKLM>\SYSTEM\ControlSet001\Services\Video IPsec IKE Adapter Redirector PNRP Fax] 'ImagePath' = 'C:\taenu1oan\zbjg0iz2.exe'
- %WINDIR%\taenu1oan\cvxczqct
- C:\taenu1oan\cvxczqct
- C:\taenu1oan\cnqu4cjg2o4ikmtaaofdm.exe
- C:\taenu1oan\zbjg0iz2.exe
- C:\taenu1oan\eu87cbfg.exe
- C:\taenu1oan\nkjgijfzo
- C:\taenu1oan\zbjg0iz2.exe
- C:\taenu1oan\eu87cbfg.exe
- %WINDIR%\taenu1oan\cvxczqct
- C:\taenu1oan\cnqu4cjg2o4ikmtaaofdm.exe
- %WINDIR%\taenu1oan\cvxczqct
- 'ge#####naannabeth.net':80
- 'al#####rapatterson.net':80
- 'ma#####nablackwood.net':80
- 'al#####rablackwood.net':80
- 'ma#####nasherburne.net':80
- 'al#####rasherburne.net':80
- 'am#####neunderhill.net':80
- 'ce#####neunderhill.net':80
- 'am#####nepatterson.net':80
- 'ce#####nepatterson.net':80
- 'am#####neblackwood.net':80
- 'al#####raunderhill.net':80
- 'ma#####napatterson.net':80
- 'ce#####neblackwood.net':80
- 'ch#####neunderhill.net':80
- 'sh#####leunderhill.net':80
- 'ch#####nepatterson.net':80
- 'sh#####lepatterson.net':80
- 'ch#####neblackwood.net':80
- 'sh#####leblackwood.net':80
- 'ch#####nesherburne.net':80
- 'sh#####lesherburne.net':80
- 'ar#####ldunderhill.net':80
- 'za#####ahunderhill.net':80
- 'am#####nesherburne.net':80
- 'ce#####nesherburne.net':80
- 'ma#####naunderhill.net':80
- 'al#####ersherburne.net':80
- 'ka#####nesherburne.net':80
- 'ge#####namadoline.net':80
- 'ch#####lemadoline.net':80
- 'an#####lecharisse.net':80
- 'gu#####encharisse.net':80
- 'an#####lecharlene.net':80
- 'gu#####encharlene.net':80
- 'an#####leannabeth.net':80
- 'gu#####enannabeth.net':80
- 'an#####lemadoline.net':80
- 'gu#####enmadoline.net':80
- 'gw#####recharisse.net':80
- 'ch#####leannabeth.net':80
- 'ch#####ancharisse.net':80
- 'ch#####ancharlene.net':80
- 'gw#####reannabeth.net':80
- 'ch#####anannabeth.net':80
- 'gw#####remadoline.net':80
- 'ch#####anmadoline.net':80
- 'ka#####neunderhill.net':80
- 'al#####erunderhill.net':80
- 'ka#####nepatterson.net':80
- 'al#####erpatterson.net':80
- 'ka#####neblackwood.net':80
- 'al#####erblackwood.net':80
- 'gw#####recharlene.net':80
- 'ar#####ldpatterson.net':80
- 'za#####ahpatterson.net':80
- http://ge#####naannabeth.net/index.php
- http://al#####rapatterson.net/index.php
- http://ma#####nablackwood.net/index.php
- http://al#####rablackwood.net/index.php
- http://ma#####nasherburne.net/index.php
- http://al#####rasherburne.net/index.php
- http://am#####neunderhill.net/index.php
- http://ce#####neunderhill.net/index.php
- http://am#####nepatterson.net/index.php
- http://ce#####nepatterson.net/index.php
- http://am#####neblackwood.net/index.php
- http://al#####raunderhill.net/index.php
- http://ma#####napatterson.net/index.php
- http://ce#####neblackwood.net/index.php
- http://ch#####neunderhill.net/index.php
- http://sh#####leunderhill.net/index.php
- http://ch#####nepatterson.net/index.php
- http://sh#####lepatterson.net/index.php
- http://ch#####neblackwood.net/index.php
- http://sh#####leblackwood.net/index.php
- http://ch#####nesherburne.net/index.php
- http://sh#####lesherburne.net/index.php
- http://ar#####ldunderhill.net/index.php
- http://za#####ahunderhill.net/index.php
- http://am#####nesherburne.net/index.php
- http://ce#####nesherburne.net/index.php
- http://ma#####naunderhill.net/index.php
- http://al#####ersherburne.net/index.php
- http://ka#####nesherburne.net/index.php
- http://ge#####namadoline.net/index.php
- http://ch#####lemadoline.net/index.php
- http://an#####lecharisse.net/index.php
- http://gu#####encharisse.net/index.php
- http://an#####lecharlene.net/index.php
- http://gu#####encharlene.net/index.php
- http://an#####leannabeth.net/index.php
- http://gu#####enannabeth.net/index.php
- http://an#####lemadoline.net/index.php
- http://gu#####enmadoline.net/index.php
- http://gw#####recharisse.net/index.php
- http://ch#####leannabeth.net/index.php
- http://ch#####ancharisse.net/index.php
- http://ch#####ancharlene.net/index.php
- http://gw#####reannabeth.net/index.php
- http://ch#####anannabeth.net/index.php
- http://gw#####remadoline.net/index.php
- http://ch#####anmadoline.net/index.php
- http://ka#####neunderhill.net/index.php
- http://al#####erunderhill.net/index.php
- http://ka#####nepatterson.net/index.php
- http://al#####erpatterson.net/index.php
- http://ka#####neblackwood.net/index.php
- http://al#####erblackwood.net/index.php
- http://gw#####recharlene.net/index.php
- http://ar#####ldpatterson.net/index.php
- http://za#####ahpatterson.net/index.php
- DNS ASK ge#####naannabeth.net
- DNS ASK ma#####napatterson.net
- DNS ASK al#####rapatterson.net
- DNS ASK ma#####nablackwood.net
- DNS ASK al#####rablackwood.net
- DNS ASK ma#####nasherburne.net
- DNS ASK al#####rasherburne.net
- DNS ASK am#####neunderhill.net
- DNS ASK ce#####neunderhill.net
- DNS ASK am#####nepatterson.net
- DNS ASK ce#####nepatterson.net
- DNS ASK am#####neblackwood.net
- DNS ASK ce#####neblackwood.net
- DNS ASK am#####nesherburne.net
- DNS ASK ce#####nesherburne.net
- DNS ASK ch#####neunderhill.net
- DNS ASK sh#####leunderhill.net
- DNS ASK ch#####nepatterson.net
- DNS ASK sh#####lepatterson.net
- DNS ASK ch#####neblackwood.net
- DNS ASK sh#####leblackwood.net
- DNS ASK ch#####nesherburne.net
- DNS ASK sh#####lesherburne.net
- DNS ASK ar#####ldunderhill.net
- DNS ASK za#####ahunderhill.net
- DNS ASK ar#####ldpatterson.net
- DNS ASK al#####raunderhill.net
- DNS ASK za#####ahpatterson.net
- DNS ASK ma#####naunderhill.net
- DNS ASK ka#####nesherburne.net
- DNS ASK ch#####leannabeth.net
- DNS ASK ge#####namadoline.net
- DNS ASK ch#####lemadoline.net
- DNS ASK an#####lecharisse.net
- DNS ASK gu#####encharisse.net
- DNS ASK an#####lecharlene.net
- DNS ASK gu#####encharlene.net
- DNS ASK an#####leannabeth.net
- DNS ASK gu#####enannabeth.net
- DNS ASK an#####lemadoline.net
- DNS ASK gu#####enmadoline.net
- DNS ASK gw#####recharisse.net
- DNS ASK ch#####ancharisse.net
- DNS ASK gw#####recharlene.net
- DNS ASK ch#####ancharlene.net
- DNS ASK gw#####reannabeth.net
- DNS ASK ch#####anannabeth.net
- DNS ASK gw#####remadoline.net
- DNS ASK ch#####anmadoline.net
- DNS ASK ka#####neunderhill.net
- DNS ASK al#####erunderhill.net
- DNS ASK ka#####nepatterson.net
- DNS ASK al#####erpatterson.net
- DNS ASK ka#####neblackwood.net
- DNS ASK al#####erblackwood.net
- DNS ASK al#####ersherburne.net
- DNS ASK ar#####ldblackwood.net
- 'C:\taenu1oan\cnqu4cjg2o4ikmtaaofdm.exe'
- 'C:\taenu1oan\zbjg0iz2.exe'
- 'C:\taenu1oan\eu87cbfg.exe' "c:\taenu1oan\zbjg0iz2.exe"