Technical Information
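- [<HKLM>\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] 'Wired Performance TPM Server Media' = 'C:\euzepdapsqvznr\appfhxwabddf.exe' (autorun entry: values under this key are launched at each user logon, so this is a persistence point to check and remove during cleanup)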
- [<HKLM>\SYSTEM\ControlSet001\Services\Trap WebClient Endpoint Config] 'Start' = '00000002' (service start type 2 = automatic start at boot)
- 'C:\euzepdapsqvznr\btkkyjvfwc.exe' "c:\euzepdapsqvznr\appfhxwabddf.exe"
- 'C:\euzepdapsqvznr\appfhxwabddf.exe'
- 'C:\euzepdapsqvznr\oj2ulkrtaiivukaq.exe'
- C:\euzepdapsqvznr\appfhxwabddf.exe
- C:\euzepdapsqvznr\btkkyjvfwc.exe
- C:\euzepdapsqvznr\vxheea
- %WINDIR%\euzepdapsqvznr\euxxfqs9bvtx
- C:\euzepdapsqvznr\euxxfqs9bvtx
- C:\euzepdapsqvznr\oj2ulkrtaiivukaq.exe
- C:\euzepdapsqvznr\btkkyjvfwc.exe
- C:\euzepdapsqvznr\appfhxwabddf.exe
- C:\euzepdapsqvznr\oj2ulkrtaiivukaq.exe
- %WINDIR%\euzepdapsqvznr\euxxfqs9bvtx
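- 'ra####caught.net':80 (in this and the following network entries '#' is not a valid hostname character, so the '#' runs appear to be masking applied by the report's publisher; the entries cannot be used verbatim as blocklist or detection values)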
- 'mo####gcaught.net':80
- 'ra####president.net':80
- 'mo#####president.net':80
- 'st####estrong.net':80
- 'hi####ytrouble.net':80
- 'st#####president.net':80
- 'hi####ystrong.net':80
- 'st####etrouble.net':80
- 'tw####president.net':80
- 'mi####caught.net':80
- 'tw####trouble.net':80
- 'mi####president.net':80
- 'tw####caught.net':80
- 'ra####trouble.net':80
- 'mo####gtrouble.net':80
- 'ra####strong.net':80
- 'mo####gstrong.net':80
- 'hi#####president.net':80
- 'cl####rouble.net':80
- 'cl####resident.net':80
- 'we####rcaught.net':80
- 'cl###strong.net':80
- 'cl###caught.net':80
- 'th###master.net':80
- 'pr####tmaster.net':80
- 'th####ontinue.net':80
- 'pr####tcontinue.net':80
- 'am####strong.net':80
- 'we####rstrong.net':80
- 'st####ecaught.net':80
- 'hi####ycaught.net':80
- 'am####trouble.net':80
- 'we#####president.net':80
- 'am####caught.net':80
- 'we####rtrouble.net':80
- 'am####president.net':80
- 'pr####tstrong.net':80
- 'th####rouble.net':80
- 'cl###arrive.net':80
- 'th###strong.net':80
- 'pr####ttrouble.net':80
- 'th###caught.net':80
- 'pr####tcaught.net':80
- 'th####resident.net':80
- 'pr#####president.net':80
- 'th###supply.net':80
- 'cl###supply.net':80
- 'am####arrive.net':80
- 'we####rarrive.net':80
- 'th####istance.net':80
- 'cl###office.net':80
- 'th###arrive.net':80
- 'cl####istance.net':80
- 'th###office.net':80
- 'ch###strong.net':80
- 'of####resident.net':80
- 'al####resident.net':80
- 'of####rouble.net':80
- 'al####rouble.net':80
- 'of###caught.net':80
- 'tw####strong.net':80
- 'mi####trouble.net':80
- 'al###caught.net':80
- 'mi####strong.net':80
- 'co####etrouble.net':80
- 'ch####resident.net':80
- 'co####estrong.net':80
- 'ch####rouble.net':80
- 'co#####president.net':80
- 'of###strong.net':80
- 'al###strong.net':80
- 'ch###caught.net':80
- 'co####ecaught.net':80
- http://ra####caught.net/index.php?me########
- http://mo####gcaught.net/index.php?me########
- http://ra####president.net/index.php?me########
- http://mo#####president.net/index.php?me########
- http://st####estrong.net/index.php?me########
- http://hi####ytrouble.net/index.php?me########
- http://st#####president.net/index.php?me########
- http://hi####ystrong.net/index.php?me########
- http://st####etrouble.net/index.php?me########
- http://tw####president.net/index.php?me########
- http://mi####caught.net/index.php?me########
- http://tw####trouble.net/index.php?me########
- http://mi####president.net/index.php?me########
- http://tw####caught.net/index.php?me########
- http://ra####trouble.net/index.php?me########
- http://mo####gtrouble.net/index.php?me########
- http://ra####strong.net/index.php?me########
- http://mo####gstrong.net/index.php?me########
- http://hi#####president.net/index.php?me########
- http://cl####rouble.net/index.php?me########
- http://cl####resident.net/index.php?me########
- http://we####rcaught.net/index.php?me########
- http://cl###strong.net/index.php?me########
- http://cl###caught.net/index.php?me########
- http://th###master.net/index.php?me########
- http://pr####tmaster.net/index.php?me########
- http://th####ontinue.net/index.php?me########
- http://pr####tcontinue.net/index.php?me########
- http://am####strong.net/index.php?me########
- http://we####rstrong.net/index.php?me########
- http://st####ecaught.net/index.php?me########
- http://hi####ycaught.net/index.php?me########
- http://am####trouble.net/index.php?me########
- http://we#####president.net/index.php?me########
- http://am####caught.net/index.php?me########
- http://we####rtrouble.net/index.php?me########
- http://am####president.net/index.php?me########
- http://pr####tstrong.net/index.php?me########
- http://th####rouble.net/index.php?me########
- http://cl###arrive.net/index.php?me########
- http://th###strong.net/index.php?me########
- http://pr####ttrouble.net/index.php?me########
- http://th###caught.net/index.php?me########
- http://pr####tcaught.net/index.php?me########
- http://th####resident.net/index.php?me########
- http://pr#####president.net/index.php?me########
- http://th###supply.net/index.php?me########
- http://cl###supply.net/index.php?me########
- http://am####arrive.net/index.php?me########
- http://we####rarrive.net/index.php?me########
- http://th####istance.net/index.php?me########
- http://cl###office.net/index.php?me########
- http://th###arrive.net/index.php?me########
- http://cl####istance.net/index.php?me########
- http://th###office.net/index.php?me########
- http://ch###strong.net/index.php?me########
- http://of####resident.net/index.php?me########
- http://al####resident.net/index.php?me########
- http://of####rouble.net/index.php?me########
- http://al####rouble.net/index.php?me########
- http://of###caught.net/index.php?me########
- http://tw####strong.net/index.php?me########
- http://mi####trouble.net/index.php?me########
- http://al###caught.net/index.php?me########
- http://mi####strong.net/index.php?me########
- http://co####etrouble.net/index.php?me########
- http://ch####resident.net/index.php?me########
- http://co####estrong.net/index.php?me########
- http://ch####rouble.net/index.php?me########
- http://co#####president.net/index.php?me########
- http://of###strong.net/index.php?me########
- http://al###strong.net/index.php?me########
- http://ch###caught.net/index.php?me########
- http://co####ecaught.net/index.php?me########
- DNS ASK mo####gcaught.net
- DNS ASK st####estrong.net
- DNS ASK mo#####president.net
- DNS ASK ra####caught.net
- DNS ASK hi####ystrong.net
- DNS ASK st#####president.net
- DNS ASK hi#####president.net
- DNS ASK st####etrouble.net
- DNS ASK hi####ytrouble.net
- DNS ASK mi####caught.net
- DNS ASK tw####caught.net
- DNS ASK mi####president.net
- DNS ASK tw####president.net
- DNS ASK ra####strong.net
- DNS ASK mo####gtrouble.net
- DNS ASK ra####president.net
- DNS ASK mo####gstrong.net
- DNS ASK ra####trouble.net
- DNS ASK st####ecaught.net
- DNS ASK cl####resident.net
- DNS ASK cl###caught.net
- DNS ASK cl###strong.net
- DNS ASK cl####rouble.net
- DNS ASK th####ontinue.net
- DNS ASK pr####tmaster.net
- DNS ASK th###wonder.net
- DNS ASK pr####tcontinue.net
- DNS ASK th###master.net
- DNS ASK we####rstrong.net
- DNS ASK am####trouble.net
- DNS ASK hi####ycaught.net
- DNS ASK am####strong.net
- DNS ASK we####rtrouble.net
- DNS ASK am####caught.net
- DNS ASK we####rcaught.net
- DNS ASK am####president.net
- DNS ASK we#####president.net
- DNS ASK tw####trouble.net
- DNS ASK pr####tstrong.net
- DNS ASK th####rouble.net
- DNS ASK cl###arrive.net
- DNS ASK th###strong.net
- DNS ASK pr####ttrouble.net
- DNS ASK th###caught.net
- DNS ASK pr####tcaught.net
- DNS ASK th####resident.net
- DNS ASK pr#####president.net
- DNS ASK th###supply.net
- DNS ASK cl###supply.net
- DNS ASK am####arrive.net
- DNS ASK we####rarrive.net
- DNS ASK th####istance.net
- DNS ASK cl###office.net
- DNS ASK th###arrive.net
- DNS ASK cl####istance.net
- DNS ASK th###office.net
- DNS ASK ch###strong.net
- DNS ASK of####resident.net
- DNS ASK al####resident.net
- DNS ASK of####rouble.net
- DNS ASK al####rouble.net
- DNS ASK of###caught.net
- DNS ASK tw####strong.net
- DNS ASK mi####trouble.net
- DNS ASK al###caught.net
- DNS ASK mi####strong.net
- DNS ASK co####etrouble.net
- DNS ASK ch####resident.net
- DNS ASK co####estrong.net
- DNS ASK ch####rouble.net
- DNS ASK co#####president.net
- DNS ASK of###strong.net
- DNS ASK al###strong.net
- DNS ASK ch###caught.net
- DNS ASK co####ecaught.net
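- ClassName: 'Shell_TrayWnd' WindowName: '' (Shell_TrayWnd is the window class of the Windows taskbar; presumably listed here as a window the sample searches for)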