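Technical Information
Note: the domain names in this list are partially masked with '#' characters, so they cannot be matched literally. The visible parts combine a short prefix with a small set of common words (whose, bridge, except, bicycle, ...), which is consistent with algorithmically generated domains. For detection, the shared traits are more useful than single names: port 80, the fixed /index.php path, and a burst of DNS lookups for many .net names.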
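Registry autorun entry (a value under the machine-wide Run key starts the listed program at each logon):
- [<HKLM>\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] 'Interface Browser SPP Event' = 'C:\qoiebkcgakmtmd\avdaxit.exe'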
Service configuration (Start = 2 is the automatic start type, so the service is started at boot):
- [<HKLM>\SYSTEM\ControlSet001\Services\Protocol Network Input Microsoft] 'Start' = '00000002'
- 'C:\qoiebkcgakmtmd\bgshxgn.exe' "c:\qoiebkcgakmtmd\avdaxit.exe"
- 'C:\qoiebkcgakmtmd\avdaxit.exe'
- 'C:\qoiebkcgakmtmd\suidk2r76v0j1oeqkj3.exe'
- C:\qoiebkcgakmtmd\avdaxit.exe
- C:\qoiebkcgakmtmd\bgshxgn.exe
- C:\qoiebkcgakmtmd\suidk2r76v0j1oeqkj3.exe
- %WINDIR%\qoiebkcgakmtmd\ffcvqk7g5
- C:\qoiebkcgakmtmd\ffcvqk7g5
- C:\qoiebkcgakmtmd\bgshxgn.exe
- C:\qoiebkcgakmtmd\avdaxit.exe
- C:\qoiebkcgakmtmd\suidk2r76v0j1oeqkj3.exe
- %WINDIR%\qoiebkcgakmtmd\ffcvqk7g5
Hosts contacted on TCP port 80 ('#' marks masked characters):
- 'su###rwhose.net':80
- 'cr###whose.net':80
- 'su####bicycle.net':80
- 'cr####icycle.net':80
- 'th####texcept.net':80
- 'wa###bridge.net':80
- 'th####tbicycle.net':80
- 'wa###except.net':80
- 'th####tbridge.net':80
- 'cr###bridge.net':80
- 'be####icycle.net':80
- 'kn####icycle.net':80
- 'be###bridge.net':80
- 'kn###bridge.net':80
- 'be###whose.net':80
- 'cr###except.net':80
- 'su####bridge.net':80
- 'kn###whose.net':80
- 'su####except.net':80
- 'wa####icycle.net':80
- 'pa###bridge.net':80
- 'fi###bridge.net':80
- 'pa###except.net':80
- 'fi###except.net':80
- 'pa####icycle.net':80
- 'fi###whose.net':80
- 'fr###wagon.net':80
- 'fi####icycle.net':80
- 'pa###whose.net':80
- 'sm###whose.net':80
- 'wo###except.net':80
- 'sm###except.net':80
- 'th####twhose.net':80
- 'wa###whose.net':80
- 'wo###bridge.net':80
- 'sm####icycle.net':80
- 'wo###whose.net':80
- 'sm###bridge.net':80
- 'wo####icycle.net':80
- 'fi###enter.net':80
- 'fr###except.net':80
- 'fi###board.net':80
- 'pa###enter.net':80
- 'ex#####nceexcept.net':80
- 'fr####icycle.net':80
- 'ex#####ncebicycle.net':80
- 'fr###bridge.net':80
- 'ex#####ncebridge.net':80
- 'pa###board.net':80
- 'sm###board.net':80
- 'wo###enter.net':80
- 'sm###ladder.net':80
- 'wo###board.net':80
- 'sm###enter.net':80
- 'pa###ladder.net':80
- 'fi###ladder.net':80
- 'pa####haracter.net':80
- 'fi####haracter.net':80
- 'fr###whose.net':80
- 'me####bridge.net':80
- 'fo####bicycle.net':80
- 'me####except.net':80
- 'fo####bridge.net':80
- 'me####bicycle.net':80
- 'be###except.net':80
- 'kn###except.net':80
- 'fo###wwhose.net':80
- 'me###rwhose.net':80
- 'fo####except.net':80
- 'al####yexcept.net':80
- 'ge####manbridge.net':80
- 'ex####encewhose.net':80
- 'ge####manexcept.net':80
- 'al####ybridge.net':80
- 'ge####manwhose.net':80
- 'al####ywhose.net':80
- 'ge#####anbicycle.net':80
- 'al####ybicycle.net':80
HTTP URLs requested (every host is asked for the same /index.php path):
- http://su###rwhose.net/index.php
- http://cr###whose.net/index.php
- http://su####bicycle.net/index.php
- http://cr####icycle.net/index.php
- http://th####texcept.net/index.php
- http://wa###bridge.net/index.php
- http://th####tbicycle.net/index.php
- http://wa###except.net/index.php
- http://th####tbridge.net/index.php
- http://cr###bridge.net/index.php
- http://be####icycle.net/index.php
- http://kn####icycle.net/index.php
- http://be###bridge.net/index.php
- http://kn###bridge.net/index.php
- http://be###whose.net/index.php
- http://cr###except.net/index.php
- http://su####bridge.net/index.php
- http://kn###whose.net/index.php
- http://su####except.net/index.php
- http://wa####icycle.net/index.php
- http://pa###bridge.net/index.php
- http://fi###bridge.net/index.php
- http://pa###except.net/index.php
- http://fi###except.net/index.php
- http://pa####icycle.net/index.php
- http://fi###whose.net/index.php
- http://fr###wagon.net/index.php
- http://fi####icycle.net/index.php
- http://pa###whose.net/index.php
- http://sm###whose.net/index.php
- http://wo###except.net/index.php
- http://sm###except.net/index.php
- http://th####twhose.net/index.php
- http://wa###whose.net/index.php
- http://wo###bridge.net/index.php
- http://sm####icycle.net/index.php
- http://wo###whose.net/index.php
- http://sm###bridge.net/index.php
- http://wo####icycle.net/index.php
- http://fi###enter.net/index.php
- http://fr###except.net/index.php
- http://fi###board.net/index.php
- http://pa###enter.net/index.php
- http://ex#####nceexcept.net/index.php
- http://fr####icycle.net/index.php
- http://ex#####ncebicycle.net/index.php
- http://fr###bridge.net/index.php
- http://ex#####ncebridge.net/index.php
- http://pa###board.net/index.php
- http://sm###board.net/index.php
- http://wo###enter.net/index.php
- http://sm###ladder.net/index.php
- http://wo###board.net/index.php
- http://sm###enter.net/index.php
- http://pa###ladder.net/index.php
- http://fi###ladder.net/index.php
- http://pa####haracter.net/index.php
- http://fi####haracter.net/index.php
- http://fr###whose.net/index.php
- http://me####bridge.net/index.php
- http://fo####bicycle.net/index.php
- http://me####except.net/index.php
- http://fo####bridge.net/index.php
- http://me####bicycle.net/index.php
- http://be###except.net/index.php
- http://kn###except.net/index.php
- http://fo###wwhose.net/index.php
- http://me###rwhose.net/index.php
- http://fo####except.net/index.php
- http://al####yexcept.net/index.php
- http://ge####manbridge.net/index.php
- http://ex####encewhose.net/index.php
- http://ge####manexcept.net/index.php
- http://al####ybridge.net/index.php
- http://ge####manwhose.net/index.php
- http://al####ywhose.net/index.php
- http://ge#####anbicycle.net/index.php
- http://al####ybicycle.net/index.php
DNS queries issued ("DNS ASK" = name lookup request):
- DNS ASK cr###whose.net
- DNS ASK th####texcept.net
- DNS ASK cr####icycle.net
- DNS ASK su###rwhose.net
- DNS ASK wa###except.net
- DNS ASK th####tbicycle.net
- DNS ASK wa####icycle.net
- DNS ASK th####tbridge.net
- DNS ASK wa###bridge.net
- DNS ASK su####bicycle.net
- DNS ASK kn####icycle.net
- DNS ASK be###whose.net
- DNS ASK kn###bridge.net
- DNS ASK be####icycle.net
- DNS ASK kn###whose.net
- DNS ASK su####bridge.net
- DNS ASK cr###bridge.net
- DNS ASK su####except.net
- DNS ASK cr###except.net
- DNS ASK th####twhose.net
- DNS ASK fi###bridge.net
- DNS ASK pa####icycle.net
- DNS ASK fi###except.net
- DNS ASK pa###bridge.net
- DNS ASK fi####icycle.net
- DNS ASK fr###wagon.net
- DNS ASK ex####encewagon.net
- DNS ASK pa###whose.net
- DNS ASK fi###whose.net
- DNS ASK pa###except.net
- DNS ASK sm###except.net
- DNS ASK wo###bridge.net
- DNS ASK wa###whose.net
- DNS ASK wo###except.net
- DNS ASK sm###bridge.net
- DNS ASK wo###whose.net
- DNS ASK sm###whose.net
- DNS ASK wo####icycle.net
- DNS ASK sm####icycle.net
- DNS ASK be###bridge.net
- DNS ASK fi###enter.net
- DNS ASK fr###except.net
- DNS ASK fi###board.net
- DNS ASK pa###enter.net
- DNS ASK ex#####nceexcept.net
- DNS ASK fr####icycle.net
- DNS ASK ex#####ncebicycle.net
- DNS ASK fr###bridge.net
- DNS ASK ex#####ncebridge.net
- DNS ASK pa###board.net
- DNS ASK sm###board.net
- DNS ASK wo###enter.net
- DNS ASK sm###ladder.net
- DNS ASK wo###board.net
- DNS ASK sm###enter.net
- DNS ASK pa###ladder.net
- DNS ASK fi###ladder.net
- DNS ASK pa####haracter.net
- DNS ASK fi####haracter.net
- DNS ASK fr###whose.net
- DNS ASK me####bridge.net
- DNS ASK fo####bicycle.net
- DNS ASK me####except.net
- DNS ASK fo####bridge.net
- DNS ASK me####bicycle.net
- DNS ASK be###except.net
- DNS ASK kn###except.net
- DNS ASK fo###wwhose.net
- DNS ASK me###rwhose.net
- DNS ASK fo####except.net
- DNS ASK al####yexcept.net
- DNS ASK ge####manbridge.net
- DNS ASK ex####encewhose.net
- DNS ASK ge####manexcept.net
- DNS ASK al####ybridge.net
- DNS ASK ge####manwhose.net
- DNS ASK al####ywhose.net
- DNS ASK ge#####anbicycle.net
- DNS ASK al####ybicycle.net
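Window referenced by class name (Shell_TrayWnd is the window class of the Windows taskbar; the empty WindowName means no title was given):
- ClassName: 'Shell_TrayWnd' WindowName: ''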