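Technical Information
Note: the sub-headings of the original report are missing from this copy. In order, the entries below are: registry values used for persistence (a Run autorun entry and a service whose 'Start' value of 2 means automatic start at boot), what appear to be process launches, file paths (paths repeat because each group belonged to a different, now unlabelled, file operation that cannot be recovered from the list alone), hosts contacted on port 80, HTTP requests to /index.php, DNS queries, and a window class lookup. Domain names are partially masked with '#' in the source, so they cannot be used verbatim as indicators.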
- [<HKLM>\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] 'Coordinator Endpoint' = 'C:\blldncc\kamklvr.exe'
- [<HKLM>\SYSTEM\ControlSet001\Services\Mapper Service UPnP List Key Shadow] 'ImagePath' = 'C:\blldncc\kamklvr.exe'
- [<HKLM>\SYSTEM\ControlSet001\Services\Mapper Service UPnP List Key Shadow] 'Start' = '00000002'
- 'C:\blldncc\vvudzlrtecn.exe' "c:\blldncc\kamklvr.exe"
- 'C:\blldncc\kamklvr.exe'
- 'C:\blldncc\dn2v48qqaji1rgf.exe'
- C:\blldncc\kamklvr.exe
- C:\blldncc\vvudzlrtecn.exe
- C:\blldncc\mhq3zp
- %WINDIR%\blldncc\admnzgkfxk
- C:\blldncc\admnzgkfxk
- C:\blldncc\dn2v48qqaji1rgf.exe
- C:\blldncc\vvudzlrtecn.exe
- C:\blldncc\kamklvr.exe
- C:\blldncc\dn2v48qqaji1rgf.exe
- %WINDIR%\blldncc\admnzgkfxk
- 'fi###hpower.net':80
- 'le###power.net':80
- 'fi####famous.net':80
- 'le###famous.net':80
- 'sw####entury.net':80
- 'pr####lycentury.net':80
- 'fi####country.net':80
- 'le####ountry.net':80
- 'le####entury.net':80
- 'su####tcentury.net':80
- 'su####tfamous.net':80
- 'pe####scountry.net':80
- 'wi####country.net':80
- 'su####tcountry.net':80
- 'fi####century.net':80
- 'wi###rpower.net':80
- 'su####tpower.net':80
- 'sw###famous.net':80
- 'se####lcountry.net':80
- 'ma####alcountry.net':80
- 'se####lpower.net':80
- 'ma####alpower.net':80
- 'se####beside.net':80
- 'la###beside.net':80
- 'se####surprise.net':80
- 'la####urprise.net':80
- 'ma####alfamous.net':80
- 'pr####lypower.net':80
- 'sw####ountry.net':80
- 'pr####lyfamous.net':80
- 'sw###power.net':80
- 'ma####alcentury.net':80
- 'se####lfamous.net':80
- 'pr####lycountry.net':80
- 'se####lcentury.net':80
- 'se####country.net':80
- 'la####ountry.net':80
- 'se###apower.net':80
- 'la###power.net':80
- 'si####famous.net':80
- 'mo####famous.net':80
- 'si####century.net':80
- 'mo####century.net':80
- 'la###famous.net':80
- 'ma####alplease.net':80
- 'se#####condition.net':80
- 'ma####alsoldier.net':80
- 'se####lplease.net':80
- 'la####entury.net':80
- 'se####famous.net':80
- 'ma#####lcondition.net':80
- 'se####century.net':80
- 'si###epower.net':80
- 'pe####scentury.net':80
- 'wi####century.net':80
- 'mo####incountry.net':80
- 'po####lecountry.net':80
- 'pe####spower.net':80
- 'wi###wpower.net':80
- 'pe####sfamous.net':80
- 'wi####famous.net':80
- 'po####lepower.net':80
- 'mo####country.net':80
- 'mo####incentury.net':80
- 'mo###rpower.net':80
- 'si####country.net':80
- 'po####lefamous.net':80
- 'mo####inpower.net':80
- 'po####lecentury.net':80
- 'mo####infamous.net':80
- http://fi###hpower.net/index.php
- http://le###power.net/index.php
- http://fi####famous.net/index.php
- http://le###famous.net/index.php
- http://sw####entury.net/index.php
- http://pr####lycentury.net/index.php
- http://fi####country.net/index.php
- http://le####ountry.net/index.php
- http://le####entury.net/index.php
- http://su####tcentury.net/index.php
- http://su####tfamous.net/index.php
- http://pe####scountry.net/index.php
- http://wi####country.net/index.php
- http://su####tcountry.net/index.php
- http://fi####century.net/index.php
- http://wi###rpower.net/index.php
- http://su####tpower.net/index.php
- http://sw###famous.net/index.php
- http://se####lcountry.net/index.php
- http://ma####alcountry.net/index.php
- http://se####lpower.net/index.php
- http://ma####alpower.net/index.php
- http://se####beside.net/index.php
- http://la###beside.net/index.php
- http://se####surprise.net/index.php
- http://la####urprise.net/index.php
- http://ma####alfamous.net/index.php
- http://pr####lypower.net/index.php
- http://sw####ountry.net/index.php
- http://pr####lyfamous.net/index.php
- http://sw###power.net/index.php
- http://ma####alcentury.net/index.php
- http://se####lfamous.net/index.php
- http://pr####lycountry.net/index.php
- http://se####lcentury.net/index.php
- http://se####country.net/index.php
- http://la####ountry.net/index.php
- http://se###apower.net/index.php
- http://la###power.net/index.php
- http://si####famous.net/index.php
- http://mo####famous.net/index.php
- http://si####century.net/index.php
- http://mo####century.net/index.php
- http://la###famous.net/index.php
- http://ma####alplease.net/index.php
- http://se#####condition.net/index.php
- http://ma####alsoldier.net/index.php
- http://se####lplease.net/index.php
- http://la####entury.net/index.php
- http://se####famous.net/index.php
- http://ma#####lcondition.net/index.php
- http://se####century.net/index.php
- http://si###epower.net/index.php
- http://pe####scentury.net/index.php
- http://wi####century.net/index.php
- http://mo####incountry.net/index.php
- http://po####lecountry.net/index.php
- http://pe####spower.net/index.php
- http://wi###wpower.net/index.php
- http://pe####sfamous.net/index.php
- http://wi####famous.net/index.php
- http://po####lepower.net/index.php
- http://mo####country.net/index.php
- http://mo####incentury.net/index.php
- http://mo###rpower.net/index.php
- http://si####country.net/index.php
- http://po####lefamous.net/index.php
- http://mo####inpower.net/index.php
- http://po####lecentury.net/index.php
- http://mo####infamous.net/index.php
- DNS ASK le###power.net
- DNS ASK fi####country.net
- DNS ASK le###famous.net
- DNS ASK fi###hpower.net
- DNS ASK pr####lycentury.net
- DNS ASK sw###famous.net
- DNS ASK le####ountry.net
- DNS ASK sw####entury.net
- DNS ASK fi####famous.net
- DNS ASK su####tfamous.net
- DNS ASK wi###rpower.net
- DNS ASK wi####country.net
- DNS ASK su####tcentury.net
- DNS ASK fi####century.net
- DNS ASK le####entury.net
- DNS ASK su####tpower.net
- DNS ASK su####tcountry.net
- DNS ASK pr####lyfamous.net
- DNS ASK ma####alcountry.net
- DNS ASK se####surprise.net
- DNS ASK ma####alpower.net
- DNS ASK se####lcountry.net
- DNS ASK la###beside.net
- DNS ASK se####letter.net
- DNS ASK la####urprise.net
- DNS ASK se####beside.net
- DNS ASK se####lpower.net
- DNS ASK sw####ountry.net
- DNS ASK pr####lycountry.net
- DNS ASK sw###power.net
- DNS ASK pr####lypower.net
- DNS ASK se####lfamous.net
- DNS ASK ma####alfamous.net
- DNS ASK se####lcentury.net
- DNS ASK ma####alcentury.net
- DNS ASK pe####scountry.net
- DNS ASK se####country.net
- DNS ASK la####ountry.net
- DNS ASK se###apower.net
- DNS ASK la###power.net
- DNS ASK si####famous.net
- DNS ASK mo####famous.net
- DNS ASK si####century.net
- DNS ASK mo####century.net
- DNS ASK la###famous.net
- DNS ASK ma####alplease.net
- DNS ASK se#####condition.net
- DNS ASK ma####alsoldier.net
- DNS ASK se####lplease.net
- DNS ASK la####entury.net
- DNS ASK se####famous.net
- DNS ASK ma#####lcondition.net
- DNS ASK se####century.net
- DNS ASK si###epower.net
- DNS ASK pe####scentury.net
- DNS ASK wi####century.net
- DNS ASK mo####incountry.net
- DNS ASK po####lecountry.net
- DNS ASK pe####spower.net
- DNS ASK wi###wpower.net
- DNS ASK pe####sfamous.net
- DNS ASK wi####famous.net
- DNS ASK po####lepower.net
- DNS ASK mo####country.net
- DNS ASK mo####incentury.net
- DNS ASK mo###rpower.net
- DNS ASK si####country.net
- DNS ASK po####lefamous.net
- DNS ASK mo####inpower.net
- DNS ASK po####lecentury.net
- DNS ASK mo####infamous.net
- ClassName: 'Shell_TrayWnd' WindowName: ''