Technical Information
Registry changes that make the sample start automatically (a Run value, and a service whose 'Start' value 2 means automatic start at boot):
- [<HKLM>\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] 'Launcher Connection Multimedia' = 'C:\dylxxmglhgobh\lsfmayfdgww.exe'
- [<HKLM>\SYSTEM\ControlSet001\Services\Image Reports Process Fax PnP-X Host] 'ImagePath' = 'C:\dylxxmglhgobh\lsfmayfdgww.exe'
- [<HKLM>\SYSTEM\ControlSet001\Services\Image Reports Process Fax PnP-X Host] 'Start' = '00000002'
Executes the following processes:
- 'C:\dylxxmglhgobh\qfhonfnzsf.exe' "c:\dylxxmglhgobh\lsfmayfdgww.exe"
- 'C:\dylxxmglhgobh\lsfmayfdgww.exe'
- 'C:\dylxxmglhgobh\bewyh2hzlcbooedsavh.exe'
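File-system paths involved (the page does not state what is done to each path; several are listed more than once):
- C:\dylxxmglhgobh\lsfmayfdgww.exe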
- C:\dylxxmglhgobh\qfhonfnzsf.exe
- C:\dylxxmglhgobh\bewyh2hzlcbooedsavh.exe
- %WINDIR%\dylxxmglhgobh\jgovadvp
- C:\dylxxmglhgobh\jgovadvp
- C:\dylxxmglhgobh\qfhonfnzsf.exe
- C:\dylxxmglhgobh\lsfmayfdgww.exe
- C:\dylxxmglhgobh\bewyh2hzlcbooedsavh.exe
- %WINDIR%\dylxxmglhgobh\jgovadvp
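Network activity: connects to the following hosts on TCP port 80 (parts of each name are masked with '#' in this report). The visible name endings repeat across a small set of words (number, position, partial, strike, borrow, train, delight, electricity), which is consistent with algorithmically generated domains, so detection is likely more durable when keyed on the naming pattern and the common '/index.php' request than on single names.
- 'ma####enumber.net':80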
- 'pe####position.net':80
- 'be####epartial.net':80
- 'pe####number.net':80
- 'ma####eposition.net':80
- 'pe####partial.net':80
- 'ma####epartial.net':80
- 'pe####strike.net':80
- 'ma####estrike.net':80
- 'ex####partial.net':80
- 'en####hdelight.net':80
- 'ex####number.net':80
- 'en#####electricity.net':80
- 'ei####delight.net':80
- 'be####enumber.net':80
- 'ex####strike.net':80
- 'be####estrike.net':80
- 'ex####position.net':80
- 'be####eposition.net':80
- 'su####number.net':80
- 'ri###strike.net':80
- 'wh####rpartial.net':80
- 'ri####osition.net':80
- 'wh####rstrike.net':80
- 'ri####artial.net':80
- 'fi####position.net':80
- 'th####position.net':80
- 'fi####number.net':80
- 'th####number.net':80
- 'wh####rposition.net':80
- 'fo####nposition.net':80
- 'su####strike.net':80
- 'fo####nnumber.net':80
- 'su####position.net':80
- 'fo####nstrike.net':80
- 'wh####rnumber.net':80
- 'ri###number.net':80
- 'su####partial.net':80
- 'fo####npartial.net':80
- 'fi###etrain.net':80
- 'th###htrain.net':80
- 'fi####borrow.net':80
- 'th####borrow.net':80
- 'fi#####lectricity.net':80
- 'th####delight.net':80
- 'pi####eborrow.net':80
- 'th#####lectricity.net':80
- 'fi####delight.net':80
- 'ri####elight.net':80
- 'wh####rborrow.net':80
- 'ri###borrow.net':80
- 'su####delight.net':80
- 'fo####ndelight.net':80
- 'wh####rtrain.net':80
- 'ri#####ectricity.net':80
- 'wh####rdelight.net':80
- 'ri###train.net':80
- 'wh#####electricity.net':80
- 'ci####tteborrow.net':80
- 'ch####endelight.net':80
- 'fa####delight.net':80
- 'ch#####nelectricity.net':80
- 'fa#####lectricity.net':80
- 'ei####borrow.net':80
- 'en####htrain.net':80
- 'ei#####lectricity.net':80
- 'en####hborrow.net':80
- 'ei###rtrain.net':80
- 'fa###ytrain.net':80
- 'pi#####electricity.net':80
- 'ci######eelectricity.net':80
- 'pi####etrain.net':80
- 'ci####ttetrain.net':80
- 'pi####edelight.net':80
- 'fa####borrow.net':80
- 'ch####entrain.net':80
- 'ci#####tedelight.net':80
- 'ch####enborrow.net':80
HTTP requests to the same hosts (the request method is not shown):
- http://ma####enumber.net/index.php
- http://pe####position.net/index.php
- http://be####epartial.net/index.php
- http://pe####number.net/index.php
- http://ma####eposition.net/index.php
- http://pe####partial.net/index.php
- http://ma####epartial.net/index.php
- http://pe####strike.net/index.php
- http://ma####estrike.net/index.php
- http://ex####partial.net/index.php
- http://en####hdelight.net/index.php
- http://ex####number.net/index.php
- http://en#####electricity.net/index.php
- http://ei####delight.net/index.php
- http://be####enumber.net/index.php
- http://ex####strike.net/index.php
- http://be####estrike.net/index.php
- http://ex####position.net/index.php
- http://be####eposition.net/index.php
- http://su####number.net/index.php
- http://ri###strike.net/index.php
- http://wh####rpartial.net/index.php
- http://ri####osition.net/index.php
- http://wh####rstrike.net/index.php
- http://ri####artial.net/index.php
- http://fi####position.net/index.php
- http://th####position.net/index.php
- http://fi####number.net/index.php
- http://th####number.net/index.php
- http://wh####rposition.net/index.php
- http://fo####nposition.net/index.php
- http://su####strike.net/index.php
- http://fo####nnumber.net/index.php
- http://su####position.net/index.php
- http://fo####nstrike.net/index.php
- http://wh####rnumber.net/index.php
- http://ri###number.net/index.php
- http://su####partial.net/index.php
- http://fo####npartial.net/index.php
- http://fi###etrain.net/index.php
- http://th###htrain.net/index.php
- http://fi####borrow.net/index.php
- http://th####borrow.net/index.php
- http://fi#####lectricity.net/index.php
- http://th####delight.net/index.php
- http://pi####eborrow.net/index.php
- http://th#####lectricity.net/index.php
- http://fi####delight.net/index.php
- http://ri####elight.net/index.php
- http://wh####rborrow.net/index.php
- http://ri###borrow.net/index.php
- http://su####delight.net/index.php
- http://fo####ndelight.net/index.php
- http://wh####rtrain.net/index.php
- http://ri#####ectricity.net/index.php
- http://wh####rdelight.net/index.php
- http://ri###train.net/index.php
- http://wh#####electricity.net/index.php
- http://ci####tteborrow.net/index.php
- http://ch####endelight.net/index.php
- http://fa####delight.net/index.php
- http://ch#####nelectricity.net/index.php
- http://fa#####lectricity.net/index.php
- http://ei####borrow.net/index.php
- http://en####htrain.net/index.php
- http://ei#####lectricity.net/index.php
- http://en####hborrow.net/index.php
- http://ei###rtrain.net/index.php
- http://fa###ytrain.net/index.php
- http://pi#####electricity.net/index.php
- http://ci######eelectricity.net/index.php
- http://pi####etrain.net/index.php
- http://ci####ttetrain.net/index.php
- http://pi####edelight.net/index.php
- http://fa####borrow.net/index.php
- http://ch####entrain.net/index.php
- http://ci#####tedelight.net/index.php
- http://ch####enborrow.net/index.php
DNS queries ('DNS ASK' is the report's notation for a name lookup):
- DNS ASK pe####position.net
- DNS ASK ma####eposition.net
- DNS ASK pe####number.net
- DNS ASK ma####enumber.net
- DNS ASK pe####strike.net
- DNS ASK ma####epartial.net
- DNS ASK su####number.net
- DNS ASK ma####estrike.net
- DNS ASK pe####partial.net
- DNS ASK be####epartial.net
- DNS ASK ex####number.net
- DNS ASK be####enumber.net
- DNS ASK ei####delight.net
- DNS ASK en####hdelight.net
- DNS ASK ex####position.net
- DNS ASK be####estrike.net
- DNS ASK ex####partial.net
- DNS ASK be####eposition.net
- DNS ASK ex####strike.net
- DNS ASK fo####nnumber.net
- DNS ASK wh####rpartial.net
- DNS ASK ri####artial.net
- DNS ASK wh####rstrike.net
- DNS ASK ri###strike.net
- DNS ASK fi####number.net
- DNS ASK th####position.net
- DNS ASK fi####strike.net
- DNS ASK th####number.net
- DNS ASK fi####position.net
- DNS ASK ri####osition.net
- DNS ASK su####strike.net
- DNS ASK fo####nstrike.net
- DNS ASK su####position.net
- DNS ASK fo####nposition.net
- DNS ASK su####partial.net
- DNS ASK ri###number.net
- DNS ASK wh####rposition.net
- DNS ASK fo####npartial.net
- DNS ASK wh####rnumber.net
- DNS ASK en#####electricity.net
- DNS ASK fi###etrain.net
- DNS ASK th###htrain.net
- DNS ASK fi####borrow.net
- DNS ASK th####borrow.net
- DNS ASK fi#####lectricity.net
- DNS ASK th####delight.net
- DNS ASK pi####eborrow.net
- DNS ASK th#####lectricity.net
- DNS ASK fi####delight.net
- DNS ASK ri####elight.net
- DNS ASK wh####rborrow.net
- DNS ASK ri###borrow.net
- DNS ASK su####delight.net
- DNS ASK fo####ndelight.net
- DNS ASK wh####rtrain.net
- DNS ASK ri#####ectricity.net
- DNS ASK wh####rdelight.net
- DNS ASK ri###train.net
- DNS ASK wh#####electricity.net
- DNS ASK ci####tteborrow.net
- DNS ASK ch####endelight.net
- DNS ASK fa####delight.net
- DNS ASK ch#####nelectricity.net
- DNS ASK fa#####lectricity.net
- DNS ASK ei####borrow.net
- DNS ASK en####htrain.net
- DNS ASK ei#####lectricity.net
- DNS ASK en####hborrow.net
- DNS ASK ei###rtrain.net
- DNS ASK fa###ytrain.net
- DNS ASK pi#####electricity.net
- DNS ASK ci######eelectricity.net
- DNS ASK pi####etrain.net
- DNS ASK ci####ttetrain.net
- DNS ASK pi####edelight.net
- DNS ASK fa####borrow.net
- DNS ASK ch####entrain.net
- DNS ASK ci#####tedelight.net
- DNS ASK ch####enborrow.net
Searches for the following window ('Shell_TrayWnd' is the class name of the Windows taskbar):
- ClassName: 'Shell_TrayWnd' WindowName: ''