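Technical Information
Note: the subheadings that normally separate the groups of this report appear to have been lost, so the entries below run together. In order, they are: two registry values (a value under the Run autorun key, and a service 'Start' value of 2, which means automatic start), quoted executable paths (apparently process launches), file paths under C:\xccwswnbnwnxi and %WINDIR%\xccwswnbnwnxi whose operation (creation, deletion, attribute change) is not stated, host:port pairs on port 80, HTTP URLs ending in /index.php on the same hosts, DNS queries, and one window class/name pair. Domain names are partially masked with '#', so they cannot be used as literal blocklist entries. The directory, file, registry value and service names look generated and may differ between samples, so confirm them against your own telemetry before relying on them as indicators.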
- [<HKLM>\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] 'NGEN Visual Notification Thread Plug Alerts' = 'C:\xccwswnbnwnxi\rimjlwagu.exe'
- [<HKLM>\SYSTEM\ControlSet001\Services\Connection WLAN SNMP Redirector NGEN] 'Start' = '00000002'
- 'C:\xccwswnbnwnxi\kylvoisxpuie.exe' "c:\xccwswnbnwnxi\rimjlwagu.exe"
- 'C:\xccwswnbnwnxi\rimjlwagu.exe'
- 'C:\xccwswnbnwnxi\xb61g36n6nirgrtbhbjju.exe'
- C:\xccwswnbnwnxi\rimjlwagu.exe
- C:\xccwswnbnwnxi\kylvoisxpuie.exe
- C:\xccwswnbnwnxi\fkkqwgqnrcfz
- %WINDIR%\xccwswnbnwnxi\abhnrdy40v
- C:\xccwswnbnwnxi\abhnrdy40v
- C:\xccwswnbnwnxi\xb61g36n6nirgrtbhbjju.exe
- C:\xccwswnbnwnxi\kylvoisxpuie.exe
- C:\xccwswnbnwnxi\rimjlwagu.exe
- C:\xccwswnbnwnxi\xb61g36n6nirgrtbhbjju.exe
- %WINDIR%\xccwswnbnwnxi\abhnrdy40v
- 'se####lbuilt.net':80
- 'ma####albuilt.net':80
- 'se####lapple.net':80
- 'ma####alapple.net':80
- 'se####measure.net':80
- 'la####easure.net':80
- 'se####lcarry.net':80
- 'ma####alcarry.net':80
- 'ma####alfather.net':80
- 'pr####lyapple.net':80
- 'sw###built.net':80
- 'pr####lyfather.net':80
- 'sw###apple.net':80
- 'pr####lycarry.net':80
- 'se####lfather.net':80
- 'pr####lybuilt.net':80
- 'sw###carry.net':80
- 'se####dinner.net':80
- 'si####circle.net':80
- 'mo####circle.net':80
- 'si####afraid.net':80
- 'mo####afraid.net':80
- 'mo####indinner.net':80
- 'po####ledinner.net':80
- 'mo####inmeasure.net':80
- 'po####lemeasure.net':80
- 'mo####dinner.net':80
- 'la###afraid.net':80
- 'se####circle.net':80
- 'la###dinner.net':80
- 'se####afraid.net':80
- 'mo####measure.net':80
- 'si####dinner.net':80
- 'la###circle.net':80
- 'si####measure.net':80
- 'sw###father.net':80
- 'po####lecarry.net':80
- 'pe####sfather.net':80
- 'po####lebuilt.net':80
- 'mo####incarry.net':80
- 'wi###wapple.net':80
- 'pe####sbuilt.net':80
- 'wi####father.net':80
- 'pe####sapple.net':80
- 'mo####inbuilt.net':80
- 'si###ecarry.net':80
- 'mo###rcarry.net':80
- 'si###ebuilt.net':80
- 'mo###rbuilt.net':80
- 'mo####inapple.net':80
- 'po####leapple.net':80
- 'mo####infather.net':80
- 'po####lefather.net':80
- 'wi###wbuilt.net':80
- 'fi###happle.net':80
- 'le###apple.net':80
- 'fi####father.net':80
- 'le###father.net':80
- 'fi###hcarry.net':80
- 'le###carry.net':80
- 'fi###hbuilt.net':80
- 'le###built.net':80
- 'su####tcarry.net':80
- 'su####tfather.net':80
- 'wi###rapple.net':80
- 'pe####scarry.net':80
- 'wi###wcarry.net':80
- 'su####tbuilt.net':80
- 'wi###rcarry.net':80
- 'su####tapple.net':80
- 'wi###rbuilt.net':80
- http://se####lbuilt.net/index.php
- http://ma####albuilt.net/index.php
- http://se####lapple.net/index.php
- http://ma####alapple.net/index.php
- http://se####measure.net/index.php
- http://la####easure.net/index.php
- http://se####lcarry.net/index.php
- http://ma####alcarry.net/index.php
- http://ma####alfather.net/index.php
- http://pr####lyapple.net/index.php
- http://sw###built.net/index.php
- http://pr####lyfather.net/index.php
- http://sw###apple.net/index.php
- http://pr####lycarry.net/index.php
- http://se####lfather.net/index.php
- http://pr####lybuilt.net/index.php
- http://sw###carry.net/index.php
- http://se####dinner.net/index.php
- http://si####circle.net/index.php
- http://mo####circle.net/index.php
- http://si####afraid.net/index.php
- http://mo####afraid.net/index.php
- http://mo####indinner.net/index.php
- http://po####ledinner.net/index.php
- http://mo####inmeasure.net/index.php
- http://po####lemeasure.net/index.php
- http://mo####dinner.net/index.php
- http://la###afraid.net/index.php
- http://se####circle.net/index.php
- http://la###dinner.net/index.php
- http://se####afraid.net/index.php
- http://mo####measure.net/index.php
- http://si####dinner.net/index.php
- http://la###circle.net/index.php
- http://si####measure.net/index.php
- http://sw###father.net/index.php
- http://po####lecarry.net/index.php
- http://pe####sfather.net/index.php
- http://po####lebuilt.net/index.php
- http://mo####incarry.net/index.php
- http://wi###wapple.net/index.php
- http://pe####sbuilt.net/index.php
- http://wi####father.net/index.php
- http://pe####sapple.net/index.php
- http://mo####inbuilt.net/index.php
- http://si###ecarry.net/index.php
- http://mo###rcarry.net/index.php
- http://si###ebuilt.net/index.php
- http://mo###rbuilt.net/index.php
- http://mo####inapple.net/index.php
- http://po####leapple.net/index.php
- http://mo####infather.net/index.php
- http://po####lefather.net/index.php
- http://wi###wbuilt.net/index.php
- http://fi###happle.net/index.php
- http://le###apple.net/index.php
- http://fi####father.net/index.php
- http://le###father.net/index.php
- http://fi###hcarry.net/index.php
- http://le###carry.net/index.php
- http://fi###hbuilt.net/index.php
- http://le###built.net/index.php
- http://su####tcarry.net/index.php
- http://su####tfather.net/index.php
- http://wi###rapple.net/index.php
- http://pe####scarry.net/index.php
- http://wi###wcarry.net/index.php
- http://su####tbuilt.net/index.php
- http://wi###rcarry.net/index.php
- http://su####tapple.net/index.php
- http://wi###rbuilt.net/index.php
- DNS ASK se####lbuilt.net
- DNS ASK ma####albuilt.net
- DNS ASK se####lapple.net
- DNS ASK ma####alapple.net
- DNS ASK se####lcarry.net
- DNS ASK la####easure.net
- DNS ASK se####dinner.net
- DNS ASK ma####alcarry.net
- DNS ASK se####measure.net
- DNS ASK pr####lyapple.net
- DNS ASK sw###built.net
- DNS ASK pr####lyfather.net
- DNS ASK sw###apple.net
- DNS ASK pr####lybuilt.net
- DNS ASK se####lfather.net
- DNS ASK ma####alfather.net
- DNS ASK sw###carry.net
- DNS ASK pr####lycarry.net
- DNS ASK si####circle.net
- DNS ASK mo####circle.net
- DNS ASK si####afraid.net
- DNS ASK mo####afraid.net
- DNS ASK mo####inmeasure.net
- DNS ASK po####ledinner.net
- DNS ASK mo####inafraid.net
- DNS ASK po####lemeasure.net
- DNS ASK mo####indinner.net
- DNS ASK la###afraid.net
- DNS ASK se####circle.net
- DNS ASK la###dinner.net
- DNS ASK se####afraid.net
- DNS ASK la###circle.net
- DNS ASK si####dinner.net
- DNS ASK mo####dinner.net
- DNS ASK si####measure.net
- DNS ASK mo####measure.net
- DNS ASK po####lecarry.net
- DNS ASK pe####sfather.net
- DNS ASK po####lebuilt.net
- DNS ASK mo####incarry.net
- DNS ASK wi####father.net
- DNS ASK pe####sbuilt.net
- DNS ASK wi###wbuilt.net
- DNS ASK pe####sapple.net
- DNS ASK wi###wapple.net
- DNS ASK si###ecarry.net
- DNS ASK mo###rcarry.net
- DNS ASK si###ebuilt.net
- DNS ASK mo###rbuilt.net
- DNS ASK mo####infather.net
- DNS ASK po####leapple.net
- DNS ASK mo####inbuilt.net
- DNS ASK po####lefather.net
- DNS ASK mo####inapple.net
- DNS ASK fi###happle.net
- DNS ASK le###apple.net
- DNS ASK fi####father.net
- DNS ASK le###father.net
- DNS ASK fi###hbuilt.net
- DNS ASK le###carry.net
- DNS ASK sw###father.net
- DNS ASK le###built.net
- DNS ASK fi###hcarry.net
- DNS ASK su####tfather.net
- DNS ASK wi###rapple.net
- DNS ASK pe####scarry.net
- DNS ASK wi###wcarry.net
- DNS ASK su####tapple.net
- DNS ASK wi###rcarry.net
- DNS ASK su####tcarry.net
- DNS ASK wi###rbuilt.net
- DNS ASK su####tbuilt.net
- ClassName: 'Shell_TrayWnd' WindowName: ''