Technical Information
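- [<HKLM>\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] 'DLL DCOM CNG Mapper Fax PnP-X' = 'C:\vhoofoex\adoauolscaar.exe' (autorun entry: values under this key are launched at every user logon, so this is a persistence point to check and remove during cleanup)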
- [<HKLM>\SYSTEM\ControlSet001\Services\Logs CardSpace Input Hardware Notification] 'Start' = '00000002' (Start type 2 = automatic: the service is started at boot)
- 'C:\vhoofoex\zjbuupll.exe' "c:\vhoofoex\adoauolscaar.exe"
- 'C:\vhoofoex\adoauolscaar.exe'
- 'C:\vhoofoex\hsybt2ozraffzsyfih5j.exe'
- C:\vhoofoex\adoauolscaar.exe
- C:\vhoofoex\zjbuupll.exe
- C:\vhoofoex\mveoqzpzocs
- %WINDIR%\vhoofoex\hocmjw
- C:\vhoofoex\hocmjw
- C:\vhoofoex\hsybt2ozraffzsyfih5j.exe
- C:\vhoofoex\zjbuupll.exe
- C:\vhoofoex\adoauolscaar.exe
- C:\vhoofoex\hsybt2ozraffzsyfih5j.exe
- %WINDIR%\vhoofoex\hocmjw
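- 'ga###rfancy.net':80 (in this and the following entries the '#' characters appear to mask part of the hostname, so the names are partial and cannot be used verbatim as block-list or detection entries; the recurring prefix + fancy/laughter/friend/consider pattern is consistent with algorithmically generated domains)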
- 'be####consider.net':80
- 'ga####laughter.net':80
- 'be###rfancy.net':80
- 'ga####friend.net':80
- 'fl####aughter.net':80
- 'ga####consider.net':80
- 'be####friend.net':80
- 'tr###fancy.net':80
- 'st####consider.net':80
- 'tr####aughter.net':80
- 'st###tfancy.net':80
- 'tr###friend.net':80
- 'be####laughter.net':80
- 'tr####onsider.net':80
- 'st####friend.net':80
- 'se###nfancy.net':80
- 'qu####onsider.net':80
- 'se####laughter.net':80
- 'qu###fancy.net':80
- 'se####friend.net':80
- 'ag####tsmell.net':80
- 'se####consider.net':80
- 'qu###friend.net':80
- 'br###fancy.net':80
- 'fl####onsider.net':80
- 'br####aughter.net':80
- 'fl###fancy.net':80
- 'br###friend.net':80
- 'qu####aughter.net':80
- 'br####onsider.net':80
- 'fl###friend.net':80
- 'st####laughter.net':80
- 'ni###fancy.net':80
- 'de###efancy.net':80
- 'ni####aughter.net':80
- 'de####laughter.net':80
- 'ni###friend.net':80
- 'de####friend.net':80
- 'ni####onsider.net':80
- 'de####consider.net':80
- 'ag####tfancy.net':80
- 'do###fancy.net':80
- 'ag####tlaughter.net':80
- 'do####aughter.net':80
- 'ag####tfriend.net':80
- 'do###friend.net':80
- 'ag####tconsider.net':80
- 'do####onsider.net':80
- 're###dfancy.net':80
- 'el####icfancy.net':80
- 're####laughter.net':80
- 'el#####claughter.net':80
- 're####friend.net':80
- 'el####icfriend.net':80
- 're####consider.net':80
- 'el#####cconsider.net':80
- 'la###fancy.net':80
- 'ca####nfancy.net':80
- 'la####aughter.net':80
- 'ca####nlaughter.net':80
- 'la###friend.net':80
- 'ca####nfriend.net':80
- 'la####onsider.net':80
- 'ca####nconsider.net':80
- http://ga###rfancy.net/index.php?me########
- http://be####consider.net/index.php?me########
- http://ga####laughter.net/index.php?me########
- http://be###rfancy.net/index.php?me########
- http://ga####friend.net/index.php?me########
- http://fl####aughter.net/index.php?me########
- http://ga####consider.net/index.php?me########
- http://be####friend.net/index.php?me########
- http://tr###fancy.net/index.php?me########
- http://st####consider.net/index.php?me########
- http://tr####aughter.net/index.php?me########
- http://st###tfancy.net/index.php?me########
- http://tr###friend.net/index.php?me########
- http://be####laughter.net/index.php?me########
- http://tr####onsider.net/index.php?me########
- http://st####friend.net/index.php?me########
- http://se###nfancy.net/index.php?me########
- http://qu####onsider.net/index.php?me########
- http://se####laughter.net/index.php?me########
- http://qu###fancy.net/index.php?me########
- http://se####friend.net/index.php?me########
- http://ag####tsmell.net/index.php?me########
- http://se####consider.net/index.php?me########
- http://qu###friend.net/index.php?me########
- http://br###fancy.net/index.php?me########
- http://fl####onsider.net/index.php?me########
- http://br####aughter.net/index.php?me########
- http://fl###fancy.net/index.php?me########
- http://br###friend.net/index.php?me########
- http://qu####aughter.net/index.php?me########
- http://br####onsider.net/index.php?me########
- http://fl###friend.net/index.php?me########
- http://st####laughter.net/index.php?me########
- http://ni###fancy.net/index.php?me########
- http://de###efancy.net/index.php?me########
- http://ni####aughter.net/index.php?me########
- http://de####laughter.net/index.php?me########
- http://ni###friend.net/index.php?me########
- http://de####friend.net/index.php?me########
- http://ni####onsider.net/index.php?me########
- http://de####consider.net/index.php?me########
- http://ag####tfancy.net/index.php?me########
- http://do###fancy.net/index.php?me########
- http://ag####tlaughter.net/index.php?me########
- http://do####aughter.net/index.php?me########
- http://ag####tfriend.net/index.php?me########
- http://do###friend.net/index.php?me########
- http://ag####tconsider.net/index.php?me########
- http://do####onsider.net/index.php?me########
- http://re###dfancy.net/index.php?me########
- http://el####icfancy.net/index.php?me########
- http://re####laughter.net/index.php?me########
- http://el#####claughter.net/index.php?me########
- http://re####friend.net/index.php?me########
- http://el####icfriend.net/index.php?me########
- http://re####consider.net/index.php?me########
- http://el#####cconsider.net/index.php?me########
- http://la###fancy.net/index.php?me########
- http://ca####nfancy.net/index.php?me########
- http://la####aughter.net/index.php?me########
- http://ca####nlaughter.net/index.php?me########
- http://la###friend.net/index.php?me########
- http://ca####nfriend.net/index.php?me########
- http://la####onsider.net/index.php?me########
- http://ca####nconsider.net/index.php?me########
- DNS ASK ga###rfancy.net
- DNS ASK be####consider.net
- DNS ASK ga####laughter.net
- DNS ASK be###rfancy.net
- DNS ASK ga####friend.net
- DNS ASK fl####aughter.net
- DNS ASK ga####consider.net
- DNS ASK be####friend.net
- DNS ASK tr###fancy.net
- DNS ASK st####consider.net
- DNS ASK tr####aughter.net
- DNS ASK st###tfancy.net
- DNS ASK tr###friend.net
- DNS ASK be####laughter.net
- DNS ASK tr####onsider.net
- DNS ASK st####friend.net
- DNS ASK se###nfancy.net
- DNS ASK qu####onsider.net
- DNS ASK se####laughter.net
- DNS ASK qu###fancy.net
- DNS ASK se####friend.net
- DNS ASK ag####tsmell.net
- DNS ASK se####consider.net
- DNS ASK qu###friend.net
- DNS ASK br###fancy.net
- DNS ASK fl####onsider.net
- DNS ASK br####aughter.net
- DNS ASK fl###fancy.net
- DNS ASK br###friend.net
- DNS ASK qu####aughter.net
- DNS ASK br####onsider.net
- DNS ASK fl###friend.net
- DNS ASK st####laughter.net
- DNS ASK ni###fancy.net
- DNS ASK de###efancy.net
- DNS ASK ni####aughter.net
- DNS ASK de####laughter.net
- DNS ASK ni###friend.net
- DNS ASK de####friend.net
- DNS ASK ni####onsider.net
- DNS ASK de####consider.net
- DNS ASK ag####tfancy.net
- DNS ASK do###fancy.net
- DNS ASK ag####tlaughter.net
- DNS ASK do####aughter.net
- DNS ASK ag####tfriend.net
- DNS ASK do###friend.net
- DNS ASK ag####tconsider.net
- DNS ASK do####onsider.net
- DNS ASK re###dfancy.net
- DNS ASK el####icfancy.net
- DNS ASK re####laughter.net
- DNS ASK el#####claughter.net
- DNS ASK re####friend.net
- DNS ASK el####icfriend.net
- DNS ASK re####consider.net
- DNS ASK el#####cconsider.net
- DNS ASK la###fancy.net
- DNS ASK ca####nfancy.net
- DNS ASK la####aughter.net
- DNS ASK ca####nlaughter.net
- DNS ASK la###friend.net
- DNS ASK ca####nfriend.net
- DNS ASK la####onsider.net
- DNS ASK ca####nconsider.net
- ClassName: 'Shell_TrayWnd' WindowName: '' (Shell_TrayWnd is the window class of the Windows taskbar; the window name is empty)