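Technical Information
The entries below appear to have lost their section headings. In order they show: autorun registry values, a command line and executable paths under C:\iwinweelrioluz (some paths repeated), hosts contacted on port 80, HTTP requests to /index.php, DNS queries, and a window class name. The '#' runs in the domain names appear to be masking characters, so the names as printed cannot be matched literally against DNS or proxy logs. The names share a small set of word endings (therefore, question, while, school, always, anger, forest, wheat), which may indicate algorithmically generated domains.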
- [<HKLM>\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] 'Link AuthIP VC ActiveX Port' = 'C:\iwinweelrioluz\byshmlqpjmyk.exe' (machine-wide Run value: the executable is launched at every user logon)
- [<HKLM>\SYSTEM\ControlSet001\Services\UPnP Accounts Wired Volume NetBIOS Cache Now] 'ImagePath' = 'C:\iwinweelrioluz\byshmlqpjmyk.exe'
- [<HKLM>\SYSTEM\ControlSet001\Services\UPnP Accounts Wired Volume NetBIOS Cache Now] 'Start' = '00000002' (start type 2: the service is started automatically at boot)
- 'C:\iwinweelrioluz\onrkruaq.exe' "c:\iwinweelrioluz\byshmlqpjmyk.exe"
- 'C:\iwinweelrioluz\byshmlqpjmyk.exe'
- 'C:\iwinweelrioluz\m33alyzsdckwbl8t.exe'
- C:\iwinweelrioluz\byshmlqpjmyk.exe
- C:\iwinweelrioluz\onrkruaq.exe
- C:\iwinweelrioluz\m33alyzsdckwbl8t.exe
- %WINDIR%\iwinweelrioluz\tzuxxklyzm
- C:\iwinweelrioluz\tzuxxklyzm
- C:\iwinweelrioluz\onrkruaq.exe
- C:\iwinweelrioluz\byshmlqpjmyk.exe
- C:\iwinweelrioluz\m33alyzsdckwbl8t.exe
- %WINDIR%\iwinweelrioluz\tzuxxklyzm
- 'mo#####ttherefore.net':80
- 'ou#####therefore.net':80
- 'mo#####tquestion.net':80
- 'ou####equestion.net':80
- 'bu####ngwhile.net':80
- 'ev####gwhile.net':80
- 'bu####ngschool.net':80
- 'ev####gschool.net':80
- 'ou####ewhile.net':80
- 'st####thalways.net':80
- 'st###always.net':80
- 'st####thanger.net':80
- 'st###anger.net':80
- 'ou####eschool.net':80
- 'mo####ntwhile.net':80
- 'st####thforest.net':80
- 'mo####ntschool.net':80
- 'mi####herefore.net':80
- 'do####school.net':80
- 'mi####uestion.net':80
- 'st####herefore.net':80
- 'pr###ywhile.net':80
- 'do####question.net':80
- 'pr####school.net':80
- 'do###rwhile.net':80
- 'st####uestion.net':80
- 'bu#####gtherefore.net':80
- 'ev#####therefore.net':80
- 'bu#####gquestion.net':80
- 'ev####gquestion.net':80
- 'st###while.net':80
- 'mi###while.net':80
- 'st###school.net':80
- 'mi###school.net':80
- 'do###ewheat.net':80
- 'fe###wanger.net':80
- 'pr####forest.net':80
- 'fe###wwheat.net':80
- 'fe####forest.net':80
- 'br###nwheat.net':80
- 'do###eanger.net':80
- 'fe####always.net':80
- 'do####forest.net':80
- 'do###rwheat.net':80
- 'pr###ywheat.net':80
- 'st###forest.net':80
- 'mi###forest.net':80
- 'do####always.net':80
- 'pr####always.net':80
- 'do###ranger.net':80
- 'pr###yanger.net':80
- 'pr####ealways.net':80
- 'de####always.net':80
- 'pr####eanger.net':80
- 'de###eanger.net':80
- 'st####thwheat.net':80
- 'st###wheat.net':80
- 'pr####eforest.net':80
- 'de####forest.net':80
- 'de###ewheat.net':80
- 're###tanger.net':80
- 'br####always.net':80
- 're###twheat.net':80
- 'br###nanger.net':80
- 're####forest.net':80
- 'pr####ewheat.net':80
- 're####always.net':80
- 'br####forest.net':80
- http://mo#####ttherefore.net/index.php
- http://ou#####therefore.net/index.php
- http://mo#####tquestion.net/index.php
- http://ou####equestion.net/index.php
- http://bu####ngwhile.net/index.php
- http://ev####gwhile.net/index.php
- http://bu####ngschool.net/index.php
- http://ev####gschool.net/index.php
- http://ou####ewhile.net/index.php
- http://st####thalways.net/index.php
- http://st###always.net/index.php
- http://st####thanger.net/index.php
- http://st###anger.net/index.php
- http://ou####eschool.net/index.php
- http://mo####ntwhile.net/index.php
- http://st####thforest.net/index.php
- http://mo####ntschool.net/index.php
- http://mi####herefore.net/index.php
- http://do####school.net/index.php
- http://mi####uestion.net/index.php
- http://st####herefore.net/index.php
- http://pr###ywhile.net/index.php
- http://do####question.net/index.php
- http://pr####school.net/index.php
- http://do###rwhile.net/index.php
- http://st####uestion.net/index.php
- http://bu#####gtherefore.net/index.php
- http://ev#####therefore.net/index.php
- http://bu#####gquestion.net/index.php
- http://ev####gquestion.net/index.php
- http://st###while.net/index.php
- http://mi###while.net/index.php
- http://st###school.net/index.php
- http://mi###school.net/index.php
- http://do###ewheat.net/index.php
- http://fe###wanger.net/index.php
- http://pr####forest.net/index.php
- http://fe###wwheat.net/index.php
- http://fe####forest.net/index.php
- http://br###nwheat.net/index.php
- http://do###eanger.net/index.php
- http://fe####always.net/index.php
- http://do####forest.net/index.php
- http://do###rwheat.net/index.php
- http://pr###ywheat.net/index.php
- http://st###forest.net/index.php
- http://mi###forest.net/index.php
- http://do####always.net/index.php
- http://pr####always.net/index.php
- http://do###ranger.net/index.php
- http://pr###yanger.net/index.php
- http://pr####ealways.net/index.php
- http://de####always.net/index.php
- http://pr####eanger.net/index.php
- http://de###eanger.net/index.php
- http://st####thwheat.net/index.php
- http://st###wheat.net/index.php
- http://pr####eforest.net/index.php
- http://de####forest.net/index.php
- http://de###ewheat.net/index.php
- http://re###tanger.net/index.php
- http://br####always.net/index.php
- http://re###twheat.net/index.php
- http://br###nanger.net/index.php
- http://re####forest.net/index.php
- http://pr####ewheat.net/index.php
- http://re####always.net/index.php
- http://br####forest.net/index.php
- DNS ASK ou#####therefore.net
- DNS ASK bu####ngschool.net
- DNS ASK ou####equestion.net
- DNS ASK mo#####ttherefore.net
- DNS ASK ev####gwhile.net
- DNS ASK bu#####gquestion.net
- DNS ASK ev####gschool.net
- DNS ASK bu####ngwhile.net
- DNS ASK mo#####tquestion.net
- DNS ASK st###always.net
- DNS ASK st####thforest.net
- DNS ASK st###anger.net
- DNS ASK st####thalways.net
- DNS ASK mo####ntwhile.net
- DNS ASK ou####ewhile.net
- DNS ASK mo####ntschool.net
- DNS ASK ou####eschool.net
- DNS ASK do####school.net
- DNS ASK pr####school.net
- DNS ASK st####herefore.net
- DNS ASK mi####herefore.net
- DNS ASK do####question.net
- DNS ASK pr####question.net
- DNS ASK do###rwhile.net
- DNS ASK pr###ywhile.net
- DNS ASK mi####uestion.net
- DNS ASK ev#####therefore.net
- DNS ASK st###school.net
- DNS ASK ev####gquestion.net
- DNS ASK bu#####gtherefore.net
- DNS ASK mi###while.net
- DNS ASK st####uestion.net
- DNS ASK mi###school.net
- DNS ASK st###while.net
- DNS ASK st####thanger.net
- DNS ASK do###ewheat.net
- DNS ASK fe###wanger.net
- DNS ASK pr####forest.net
- DNS ASK fe###wwheat.net
- DNS ASK fe####forest.net
- DNS ASK br###nwheat.net
- DNS ASK do###eanger.net
- DNS ASK fe####always.net
- DNS ASK do####forest.net
- DNS ASK do###rwheat.net
- DNS ASK pr###ywheat.net
- DNS ASK st###forest.net
- DNS ASK mi###forest.net
- DNS ASK do####always.net
- DNS ASK pr####always.net
- DNS ASK do###ranger.net
- DNS ASK pr###yanger.net
- DNS ASK pr####ealways.net
- DNS ASK de####always.net
- DNS ASK pr####eanger.net
- DNS ASK de###eanger.net
- DNS ASK st####thwheat.net
- DNS ASK st###wheat.net
- DNS ASK pr####eforest.net
- DNS ASK de####forest.net
- DNS ASK de###ewheat.net
- DNS ASK re###tanger.net
- DNS ASK br####always.net
- DNS ASK re###twheat.net
- DNS ASK br###nanger.net
- DNS ASK re####forest.net
- DNS ASK pr####ewheat.net
- DNS ASK re####always.net
- DNS ASK br####forest.net
- ClassName: 'Shell_TrayWnd' WindowName: '' (Shell_TrayWnd is the window class of the Windows taskbar)