Technical Information
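Persistence (registry modifications):
- [<HKLM>\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] 'Collector Transaction PnP-X Smart' = 'C:\zsvzdmtodijtlv\lrovqclefya.exe' (Run key value: the executable is started at every user logon)
- [<HKLM>\SYSTEM\ControlSet001\Services\Windows iSCSI Topology Mapper] 'Start' = '00000002' (service start type 2 = automatic start at boot)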
Processes launched (section label lost in extraction; inferred from the quoted command-line form):
- 'C:\zsvzdmtodijtlv\xwjktvvjxkp.exe' "c:\zsvzdmtodijtlv\lrovqclefya.exe"
- 'C:\zsvzdmtodijtlv\lrovqclefya.exe'
- 'C:\zsvzdmtodijtlv\tyxl3biyoma7ym6a.exe'
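File system activity (the original sub-headings that separated the individual operations were lost in extraction, so the repeated paths below probably belong to different operations; which one is not recoverable from this page):
- C:\zsvzdmtodijtlv\lrovqclefya.exe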
- C:\zsvzdmtodijtlv\xwjktvvjxkp.exe
- C:\zsvzdmtodijtlv\gs7sgp
- %WINDIR%\zsvzdmtodijtlv\uccfxy
- C:\zsvzdmtodijtlv\uccfxy
- C:\zsvzdmtodijtlv\tyxl3biyoma7ym6a.exe
- C:\zsvzdmtodijtlv\xwjktvvjxkp.exe
- C:\zsvzdmtodijtlv\lrovqclefya.exe
- C:\zsvzdmtodijtlv\tyxl3biyoma7ym6a.exe
- %WINDIR%\zsvzdmtodijtlv\uccfxy
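Network activity: hosts contacted on TCP port 80. The domain names are partially masked with '#' in the source, so they cannot be used verbatim as blocklist entries. The many similarly built two-word .net names suggest algorithmically generated domains.
- 'wo####rouble.net':80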
- 're####erstrong.net':80
- 'wo####resident.net':80
- 're####ertrouble.net':80
- 'fo####caught.net':80
- 'in#####epresident.net':80
- 'wo###strong.net':80
- 'in####secaught.net':80
- 're#####rpresident.net':80
- 'hu####dmaster.net':80
- 'jo####ymaster.net':80
- 'hu####dwonder.net':80
- 'jo####ywonder.net':80
- 're####ercaught.net':80
- 'wo###caught.net':80
- 'hu####dcontinue.net':80
- 'jo####ycontinue.net':80
- 'th####hstrong.net':80
- 'ef####strong.net':80
- 'th####htrouble.net':80
- 'ef####trouble.net':80
- 'su####president.net':80
- 'wi####president.net':80
- 'su####caught.net':80
- 'wi####caught.net':80
- 'ef####president.net':80
- 'fo####trouble.net':80
- 'in####sestrong.net':80
- 'fo####president.net':80
- 'in####setrouble.net':80
- 'ef####caught.net':80
- 'th#####president.net':80
- 'fo####strong.net':80
- 'th####hcaught.net':80
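HTTP requests (every request targets /index.php with a masked query string; the request method is not shown on this page):
- http://wo####rouble.net/index.php?me########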
- http://re####erstrong.net/index.php?me########
- http://wo####resident.net/index.php?me########
- http://re####ertrouble.net/index.php?me########
- http://fo####caught.net/index.php?me########
- http://in#####epresident.net/index.php?me########
- http://wo###strong.net/index.php?me########
- http://in####secaught.net/index.php?me########
- http://re#####rpresident.net/index.php?me########
- http://hu####dmaster.net/index.php?me########
- http://jo####ymaster.net/index.php?me########
- http://hu####dwonder.net/index.php?me########
- http://jo####ywonder.net/index.php?me########
- http://re####ercaught.net/index.php?me########
- http://wo###caught.net/index.php?me########
- http://hu####dcontinue.net/index.php?me########
- http://jo####ycontinue.net/index.php?me########
- http://th####hstrong.net/index.php?me########
- http://ef####strong.net/index.php?me########
- http://th####htrouble.net/index.php?me########
- http://ef####trouble.net/index.php?me########
- http://su####president.net/index.php?me########
- http://wi####president.net/index.php?me########
- http://su####caught.net/index.php?me########
- http://wi####caught.net/index.php?me########
- http://ef####president.net/index.php?me########
- http://fo####trouble.net/index.php?me########
- http://in####sestrong.net/index.php?me########
- http://fo####president.net/index.php?me########
- http://in####setrouble.net/index.php?me########
- http://ef####caught.net/index.php?me########
- http://th#####president.net/index.php?me########
- http://fo####strong.net/index.php?me########
- http://th####hcaught.net/index.php?me########
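DNS queries (one name, jo####ydiscover.net, is queried here but does not appear in the port-80 connection list above):
- DNS ASK re####ertrouble.net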
- DNS ASK wo####rouble.net
- DNS ASK re#####rpresident.net
- DNS ASK wo####resident.net
- DNS ASK in####secaught.net
- DNS ASK fo####caught.net
- DNS ASK re####erstrong.net
- DNS ASK wo###strong.net
- DNS ASK wo###caught.net
- DNS ASK jo####ywonder.net
- DNS ASK hu####dmaster.net
- DNS ASK jo####ydiscover.net
- DNS ASK hu####dwonder.net
- DNS ASK jo####ycontinue.net
- DNS ASK re####ercaught.net
- DNS ASK jo####ymaster.net
- DNS ASK hu####dcontinue.net
- DNS ASK in#####epresident.net
- DNS ASK th####hstrong.net
- DNS ASK ef####strong.net
- DNS ASK th####htrouble.net
- DNS ASK ef####trouble.net
- DNS ASK su####president.net
- DNS ASK wi####president.net
- DNS ASK su####caught.net
- DNS ASK wi####caught.net
- DNS ASK ef####president.net
- DNS ASK fo####trouble.net
- DNS ASK in####sestrong.net
- DNS ASK fo####president.net
- DNS ASK in####setrouble.net
- DNS ASK ef####caught.net
- DNS ASK th#####president.net
- DNS ASK fo####strong.net
- DNS ASK th####hcaught.net
Window referenced by the sample (Shell_TrayWnd is the window class of the Windows taskbar):
- ClassName: 'Shell_TrayWnd' WindowName: ''