Technical Information
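- [<HKLM>\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] 'Color AutoConfig Log IP Human' = 'C:\vmsrufprs\txagdekbyw.exe' (autorun value: the executable is launched at logon)
- [<HKLM>\SYSTEM\ControlSet001\Services\Isolation Routing Smart Time Registrar DLL] 'ImagePath' = 'C:\vmsrufprs\txagdekbyw.exe' (service entry pointing at the same executable as the Run value)
- [<HKLM>\SYSTEM\ControlSet001\Services\Isolation Routing Smart Time Registrar DLL] 'Start' = '00000002' (start type 2 = automatic: the service is started at boot)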
- 'C:\vmsrufprs\dzdrzmstca.exe' "c:\vmsrufprs\txagdekbyw.exe"
- 'C:\vmsrufprs\txagdekbyw.exe'
- 'C:\vmsrufprs\yb4nn2wkbkmnbjibpvpn.exe'
- C:\vmsrufprs\txagdekbyw.exe
- C:\vmsrufprs\dzdrzmstca.exe
- C:\vmsrufprs\yb4nn2wkbkmnbjibpvpn.exe
- %WINDIR%\vmsrufprs\oiksmn
- C:\vmsrufprs\oiksmn
- C:\vmsrufprs\dzdrzmstca.exe
- C:\vmsrufprs\txagdekbyw.exe
- C:\vmsrufprs\yb4nn2wkbkmnbjibpvpn.exe
- %WINDIR%\vmsrufprs\oiksmn
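Note: '#' is not a valid hostname character; in the entries below it stands in for characters masked in this listing, so these names are partial indicators and cannot be used for exact-match blocking or lookups.
- 'mo#####ttogether.net':80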
- 'ou####espent.net':80
- 'mo####ntcontrol.net':80
- 'ou####etogether.net':80
- 'mo####ntmatter.net':80
- 'en####hfence.net':80
- 'mo####ntspent.net':80
- 'ou####ematter.net':80
- 'bu#####gtogether.net':80
- 'ev####gspent.net':80
- 'bu####ngcontrol.net':80
- 'ev####gtogether.net':80
- 'bu####ngmatter.net':80
- 'ou####econtrol.net':80
- 'bu####ngspent.net':80
- 'ev####gmatter.net':80
- 'ei###rfence.net':80
- 'fa####straight.net':80
- 'ch#####nstraight.net':80
- 'fa###yguard.net':80
- 'ch####enguard.net':80
- 'pi####efence.net':80
- 'ci####tteguard.net':80
- 'fa####airplane.net':80
- 'ch#####nairplane.net':80
- 'en####hstraight.net':80
- 'ei####straight.net':80
- 'en####hguard.net':80
- 'ei###rguard.net':80
- 'fa###yfence.net':80
- 'ch####enfence.net':80
- 'en####hairplane.net':80
- 'ei####airplane.net':80
- http://mo#####ttogether.net/index.php
- http://ou####espent.net/index.php
- http://mo####ntcontrol.net/index.php
- http://ou####etogether.net/index.php
- http://mo####ntmatter.net/index.php
- http://en####hfence.net/index.php
- http://mo####ntspent.net/index.php
- http://ou####ematter.net/index.php
- http://bu#####gtogether.net/index.php
- http://ev####gspent.net/index.php
- http://bu####ngcontrol.net/index.php
- http://ev####gtogether.net/index.php
- http://bu####ngmatter.net/index.php
- http://ou####econtrol.net/index.php
- http://bu####ngspent.net/index.php
- http://ev####gmatter.net/index.php
- http://ei###rfence.net/index.php
- http://fa####straight.net/index.php
- http://ch#####nstraight.net/index.php
- http://fa###yguard.net/index.php
- http://ch####enguard.net/index.php
- http://pi####efence.net/index.php
- http://ci####tteguard.net/index.php
- http://fa####airplane.net/index.php
- http://ch#####nairplane.net/index.php
- http://en####hstraight.net/index.php
- http://ei####straight.net/index.php
- http://en####hguard.net/index.php
- http://ei###rguard.net/index.php
- http://fa###yfence.net/index.php
- http://ch####enfence.net/index.php
- http://en####hairplane.net/index.php
- http://ei####airplane.net/index.php
- DNS ASK ou####espent.net
- DNS ASK mo####ntspent.net
- DNS ASK ou####etogether.net
- DNS ASK mo#####ttogether.net
- DNS ASK en####hfence.net
- DNS ASK ei###rfence.net
- DNS ASK ou####ematter.net
- DNS ASK mo####ntmatter.net
- DNS ASK mo####ntcontrol.net
- DNS ASK bu#####gtogether.net
- DNS ASK ev####gspent.net
- DNS ASK bu####ngcontrol.net
- DNS ASK ev####gtogether.net
- DNS ASK bu####ngmatter.net
- DNS ASK ou####econtrol.net
- DNS ASK bu####ngspent.net
- DNS ASK ev####gmatter.net
- DNS ASK ch#####nstraight.net
- DNS ASK fa####airplane.net
- DNS ASK ch####enguard.net
- DNS ASK fa####straight.net
- DNS ASK pi####efence.net
- DNS ASK ci####tteguard.net
- DNS ASK ch#####nairplane.net
- DNS ASK ci####ttefence.net
- DNS ASK fa###yguard.net
- DNS ASK en####hstraight.net
- DNS ASK ei####straight.net
- DNS ASK en####hguard.net
- DNS ASK ei###rguard.net
- DNS ASK fa###yfence.net
- DNS ASK ch####enfence.net
- DNS ASK en####hairplane.net
- DNS ASK ei####airplane.net
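- ClassName: 'Shell_TrayWnd' WindowName: '' (Shell_TrayWnd is the window class of the Windows taskbar; the listing does not state what the sample does with this window)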