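Technical Information
The entries below appear to be indicators recorded for the analysed sample, in this order: registry changes, launched processes, file-system paths, contacted hosts (port 80), HTTP requests, DNS queries and a window lookup. The section headings of the original report are not present here. The '#' characters in domain names are masking applied in the published report, not part of the real names, so these entries cannot be used as exact-match blocklist values.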
- [<HKLM>\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] 'List RPC Quality Policy Now Connectivity' = 'C:\bqejfhbesjwz\gxjwwkin.exe'
- [<HKLM>\SYSTEM\ControlSet001\Services\UserMode VC TPM Collector Color] 'ImagePath' = 'C:\bqejfhbesjwz\gxjwwkin.exe'
- [<HKLM>\SYSTEM\ControlSet001\Services\UserMode VC TPM Collector Color] 'Start' = '00000002' (start type 2: the service is started automatically at boot)
- 'C:\bqejfhbesjwz\xtdpbmqyeca.exe' "c:\bqejfhbesjwz\gxjwwkin.exe"
- 'C:\bqejfhbesjwz\gxjwwkin.exe'
- 'C:\bqejfhbesjwz\fswtx2mz9adddhwajjc.exe'
- C:\bqejfhbesjwz\gxjwwkin.exe
- C:\bqejfhbesjwz\xtdpbmqyeca.exe
- C:\bqejfhbesjwz\fswtx2mz9adddhwajjc.exe
- %WINDIR%\bqejfhbesjwz\yzgigr
- C:\bqejfhbesjwz\yzgigr
- C:\bqejfhbesjwz\xtdpbmqyeca.exe
- C:\bqejfhbesjwz\gxjwwkin.exe
- C:\bqejfhbesjwz\fswtx2mz9adddhwajjc.exe
- %WINDIR%\bqejfhbesjwz\yzgigr
- 'su####tnearly.net':80
- 'su####thappen.net':80
- 'pe####sshare.net':80
- 'wi###wshare.net':80
- 'wi###rshare.net':80
- 'su####tshare.net':80
- 'wi###rshake.net':80
- 'su####tshake.net':80
- 'wi###wshake.net':80
- 'po####leshare.net':80
- 'pe####snearly.net':80
- 'po####leshake.net':80
- 'mo####inshare.net':80
- 'wi####happen.net':80
- 'pe####sshake.net':80
- 'wi####nearly.net':80
- 'pe####shappen.net':80
- 'pr####lyhappen.net':80
- 'sw###shake.net':80
- 'pr####lynearly.net':80
- 'sw###happen.net':80
- 'pr####lyshare.net':80
- 'se####lnearly.net':80
- 'pr####lyshake.net':80
- 'sw###share.net':80
- 'sw###nearly.net':80
- 'fi####happen.net':80
- 'le###happen.net':80
- 'fi####nearly.net':80
- 'le###nearly.net':80
- 'fi###hshare.net':80
- 'le###share.net':80
- 'fi###hshake.net':80
- 'le###shake.net':80
- 'se####lriver.net':80
- 'ma####alriver.net':80
- 'se####lservice.net':80
- 'ma####alservice.net':80
- 'se####happen.net':80
- 'la###happen.net':80
- 'se####nearly.net':80
- 'la###nearly.net':80
- 'ma####alsuppose.net':80
- 'pr####lyservice.net':80
- 'sw###river.net':80
- 'pr####lysuppose.net':80
- 'sw####ervice.net':80
- 'ma####almister.net':80
- 'se####lsuppose.net':80
- 'pr####lyriver.net':80
- 'se####lmister.net':80
- 'mo###rshare.net':80
- 'mo####innearly.net':80
- 'mo###rshake.net':80
- 'si###eshare.net':80
- 'po####lehappen.net':80
- 'mo####inshake.net':80
- 'po####lenearly.net':80
- 'mo####inhappen.net':80
- 'si###eshake.net':80
- 'se###ashare.net':80
- 'la###share.net':80
- 'se###ashake.net':80
- 'la###shake.net':80
- 'si####happen.net':80
- 'mo####happen.net':80
- 'si####nearly.net':80
- 'mo####nearly.net':80
- http://su####tnearly.net/index.php
- http://su####thappen.net/index.php
- http://pe####sshare.net/index.php
- http://wi###wshare.net/index.php
- http://wi###rshare.net/index.php
- http://su####tshare.net/index.php
- http://wi###rshake.net/index.php
- http://su####tshake.net/index.php
- http://wi###wshake.net/index.php
- http://po####leshare.net/index.php
- http://pe####snearly.net/index.php
- http://po####leshake.net/index.php
- http://mo####inshare.net/index.php
- http://wi####happen.net/index.php
- http://pe####sshake.net/index.php
- http://wi####nearly.net/index.php
- http://pe####shappen.net/index.php
- http://pr####lyhappen.net/index.php
- http://sw###shake.net/index.php
- http://pr####lynearly.net/index.php
- http://sw###happen.net/index.php
- http://pr####lyshare.net/index.php
- http://se####lnearly.net/index.php
- http://pr####lyshake.net/index.php
- http://sw###share.net/index.php
- http://sw###nearly.net/index.php
- http://fi####happen.net/index.php
- http://le###happen.net/index.php
- http://fi####nearly.net/index.php
- http://le###nearly.net/index.php
- http://fi###hshare.net/index.php
- http://le###share.net/index.php
- http://fi###hshake.net/index.php
- http://le###shake.net/index.php
- http://se####lriver.net/index.php
- http://ma####alriver.net/index.php
- http://se####lservice.net/index.php
- http://ma####alservice.net/index.php
- http://se####happen.net/index.php
- http://la###happen.net/index.php
- http://se####nearly.net/index.php
- http://la###nearly.net/index.php
- http://ma####alsuppose.net/index.php
- http://pr####lyservice.net/index.php
- http://sw###river.net/index.php
- http://pr####lysuppose.net/index.php
- http://sw####ervice.net/index.php
- http://ma####almister.net/index.php
- http://se####lsuppose.net/index.php
- http://pr####lyriver.net/index.php
- http://se####lmister.net/index.php
- http://mo###rshare.net/index.php
- http://mo####innearly.net/index.php
- http://mo###rshake.net/index.php
- http://si###eshare.net/index.php
- http://po####lehappen.net/index.php
- http://mo####inshake.net/index.php
- http://po####lenearly.net/index.php
- http://mo####inhappen.net/index.php
- http://si###eshake.net/index.php
- http://se###ashare.net/index.php
- http://la###share.net/index.php
- http://se###ashake.net/index.php
- http://la###shake.net/index.php
- http://si####happen.net/index.php
- http://mo####happen.net/index.php
- http://si####nearly.net/index.php
- http://mo####nearly.net/index.php
- DNS ASK su####thappen.net
- DNS ASK wi###rshake.net
- DNS ASK wi###wshare.net
- DNS ASK su####tnearly.net
- DNS ASK su####tshare.net
- DNS ASK fi####nearly.net
- DNS ASK su####tshake.net
- DNS ASK wi###rshare.net
- DNS ASK pe####sshare.net
- DNS ASK pe####snearly.net
- DNS ASK wi####nearly.net
- DNS ASK mo####inshare.net
- DNS ASK po####leshare.net
- DNS ASK pe####sshake.net
- DNS ASK wi###wshake.net
- DNS ASK pe####shappen.net
- DNS ASK wi####happen.net
- DNS ASK sw###shake.net
- DNS ASK pr####lyshake.net
- DNS ASK sw###happen.net
- DNS ASK pr####lyhappen.net
- DNS ASK se####lnearly.net
- DNS ASK ma####alnearly.net
- DNS ASK sw###share.net
- DNS ASK pr####lyshare.net
- DNS ASK pr####lynearly.net
- DNS ASK le###happen.net
- DNS ASK fi###hshake.net
- DNS ASK le###nearly.net
- DNS ASK fi####happen.net
- DNS ASK le###share.net
- DNS ASK sw###nearly.net
- DNS ASK le###shake.net
- DNS ASK fi###hshare.net
- DNS ASK po####leshake.net
- DNS ASK se####lriver.net
- DNS ASK ma####alriver.net
- DNS ASK se####lservice.net
- DNS ASK ma####alservice.net
- DNS ASK se####happen.net
- DNS ASK la###happen.net
- DNS ASK se####nearly.net
- DNS ASK la###nearly.net
- DNS ASK ma####alsuppose.net
- DNS ASK pr####lyservice.net
- DNS ASK sw###river.net
- DNS ASK pr####lysuppose.net
- DNS ASK sw####ervice.net
- DNS ASK ma####almister.net
- DNS ASK se####lsuppose.net
- DNS ASK pr####lyriver.net
- DNS ASK se####lmister.net
- DNS ASK mo###rshare.net
- DNS ASK mo####innearly.net
- DNS ASK mo###rshake.net
- DNS ASK si###eshare.net
- DNS ASK po####lehappen.net
- DNS ASK mo####inshake.net
- DNS ASK po####lenearly.net
- DNS ASK mo####inhappen.net
- DNS ASK si###eshake.net
- DNS ASK se###ashare.net
- DNS ASK la###share.net
- DNS ASK se###ashake.net
- DNS ASK la###shake.net
- DNS ASK si####happen.net
- DNS ASK mo####happen.net
- DNS ASK si####nearly.net
- DNS ASK mo####nearly.net
- ClassName: 'Shell_TrayWnd' WindowName: ''