Technical Information
- [<HKLM>\System\CurrentControlSet\Services\Configuration iSCSI Update Window Notification] 'Start' = '00000002'
- [<HKLM>\System\CurrentControlSet\Services\Configuration iSCSI Update Window Notification] 'ImagePath' = 'C:\swtsnqdo\vgpyeqoxeyn.exe'
- 'Configuration iSCSI Update Window Notification' C:\swtsnqdo\vgpyeqoxeyn.exe
- %WINDIR%\swtsnqdo\n4cy43afb4pw
- C:\swtsnqdo\n4cy43afb4pw
- C:\swtsnqdo\z0trp48nbi7sxxuonlhdq.exe
- C:\swtsnqdo\vgpyeqoxeyn.exe
- C:\swtsnqdo\ghoojhnx.exe
- C:\swtsnqdo\vgpyeqoxeyn.exe
- C:\swtsnqdo\ghoojhnx.exe
- %WINDIR%\swtsnqdo\n4cy43afb4pw
- C:\swtsnqdo\z0trp48nbi7sxxuonlhdq.exe
- %WINDIR%\swtsnqdo\n4cy43afb4pw
- 'be###behind.net':80
- http://be###behind.net/index.php
- DNS ASK pr####lyheart.net
- DNS ASK wo###butter.net
- DNS ASK sm###behind.net
- DNS ASK wo###behind.net
- DNS ASK sm###broad.net
- DNS ASK wo###broad.net
- DNS ASK sm####nderstand.net
- DNS ASK wo####nderstand.net
- DNS ASK wa###butter.net
- DNS ASK th####tbutter.net
- DNS ASK sm###butter.net
- DNS ASK wa###behind.net
- DNS ASK wa###broad.net
- DNS ASK th####tbroad.net
- DNS ASK wa####nderstand.net
- DNS ASK th#####understand.net
- DNS ASK cr###butter.net
- DNS ASK su####butter.net
- DNS ASK cr###behind.net
- DNS ASK su####behind.net
- DNS ASK cr###broad.net
- DNS ASK th####tbehind.net
- DNS ASK pa####nderstand.net
- DNS ASK fi####nderstand.net
- DNS ASK pa###broad.net
- DNS ASK al####yarticle.net
- DNS ASK ge#####anarticle.net
- DNS ASK al####yangry.net
- DNS ASK ge####manangry.net
- DNS ASK al####yfifteen.net
- DNS ASK ge#####anfifteen.net
- DNS ASK al####ydried.net
- DNS ASK ge####mandried.net
- DNS ASK ex#####ncearticle.net
- DNS ASK fr####rticle.net
- DNS ASK ex####enceangry.net
- DNS ASK fr###angry.net
- DNS ASK ex#####ncefifteen.net
- DNS ASK fr####ifteen.net
- DNS ASK ex####encedried.net
- DNS ASK fr###dried.net
- DNS ASK fi###butter.net
- DNS ASK pa###butter.net
- DNS ASK fi###behind.net
- DNS ASK pa###behind.net
- DNS ASK fi###broad.net
- DNS ASK su###rbroad.net
- DNS ASK fo###wdried.net
- DNS ASK cr####nderstand.net
- DNS ASK kn###butter.net
- DNS ASK ex#####ncebehind.net
- DNS ASK fr###behind.net
- DNS ASK ex####encebroad.net
- DNS ASK fr###broad.net
- DNS ASK ex######ceunderstand.net
- DNS ASK fr####nderstand.net
- DNS ASK ma####albattle.net
- DNS ASK se####lbattle.net
- DNS ASK ma####almayor.net
- DNS ASK fr###butter.net
- DNS ASK se####lmayor.net
- DNS ASK se####lperfect.net
- DNS ASK ma####alheart.net
- DNS ASK se####lheart.net
- DNS ASK pr####lybattle.net
- DNS ASK sw###battle.net
- DNS ASK pr####lymayor.net
- DNS ASK sw###mayor.net
- DNS ASK pr####lyperfect.net
- DNS ASK sw####erfect.net
- DNS ASK ma####alperfect.net
- DNS ASK ex#####ncebutter.net
- DNS ASK ge#####anunderstand.net
- DNS ASK al#####understand.net
- DNS ASK be###butter.net
- DNS ASK kn###behind.net
- DNS ASK be###behind.net
- DNS ASK kn###broad.net
- DNS ASK be###broad.net
- DNS ASK kn####nderstand.net
- DNS ASK be####nderstand.net
- DNS ASK me####butter.net
- DNS ASK fo####butter.net
- DNS ASK me####behind.net
- DNS ASK fo####behind.net
- DNS ASK me###rbroad.net
- DNS ASK fo###wbroad.net
- DNS ASK me#####nderstand.net
- DNS ASK fo#####nderstand.net
- DNS ASK al####ybutter.net
- DNS ASK ge####manbutter.net
- DNS ASK al####ybehind.net
- DNS ASK ge####manbehind.net
- DNS ASK al####ybroad.net
- DNS ASK ge####manbroad.net
- DNS ASK su#####nderstand.net
- DNS ASK me###rdried.net
- 'C:\swtsnqdo\z0trp48nbi7sxxuonlhdq.exe'
- 'C:\swtsnqdo\vgpyeqoxeyn.exe'
- 'C:\swtsnqdo\ghoojhnx.exe' "c:\swtsnqdo\vgpyeqoxeyn.exe"