Technical Information
- [<HKCU>\Software\Microsoft\Windows\CurrentVersion\Run] 'Performance Function Windows PNRP Volume Drive' = '%APPDATA%\lulzqcnfw\uzsdnvyeuj.exe'
- '%APPDATA%\lulzqcnfw\bdaceoyr.exe' "%APPDATA%\lulzqcnfw\uzsdnvyeuj.exe"
- '%APPDATA%\lulzqcnfw\uzsdnvyeuj.exe'
- %APPDATA%\lulzqcnfw\uzsdnvyeuj.gqb
- %APPDATA%\lulzqcnfw\bdaceoyr.exe
- %APPDATA%\lulzqcnfw\uzsdnvyeuj.exe
- %APPDATA%\lulzqcnfw\bdaceoyr.exe
- %APPDATA%\lulzqcnfw\uzsdnvyeuj.exe
- 'de####wonder.net':80
- 'ni####iscover.net':80
- 'de####master.net':80
- 'ni###wonder.net':80
- 'ca####ncontinue.net':80
- 'la###master.net':80
- 'de####discover.net':80
- 'la####ontinue.net':80
- 'ni###master.net':80
- 'ag####twonder.net':80
- 'do###wonder.net':80
- 'ag####tmaster.net':80
- 'do###master.net':80
- 'ni####ontinue.net':80
- 'de####continue.net':80
- 'ag####tdiscover.net':80
- 'do####iscover.net':80
- 'ca####nmaster.net':80
- 'el#####cdiscover.net':80
- 'st####continue.net':80
- 'el####icwonder.net':80
- 're####discover.net':80
- 'tr###master.net':80
- 'st####wonder.net':80
- 'tr####ontinue.net':80
- 'st####master.net':80
- 're####wonder.net':80
- 'la####iscover.net':80
- 'ca####ndiscover.net':80
- 'la###wonder.net':80
- 'ca####nwonder.net':80
- 're####master.net':80
- 'el####icmaster.net':80
- 're####continue.net':80
- 'el#####ccontinue.net':80
- 'be####trouble.net':80
- 'ga####trouble.net':80
- 'be####strong.net':80
- 'ga####strong.net':80
- 'be####caught.net':80
- 'ga####caught.net':80
- 'be####president.net':80
- 'ga####president.net':80
- 'tr###caught.net':80
- 'tr###strong.net':80
- 'st####trouble.net':80
- 'el####iccaught.net':80
- 'st####strong.net':80
- 'tr####resident.net':80
- 'st####caught.net':80
- 'tr####rouble.net':80
- 'st####president.net':80
- 'fl###strong.net':80
- 'qu####resident.net':80
- 'se####president.net':80
- 'qu####rouble.net':80
- 'se####trouble.net':80
- 'ag####tcontinue.net':80
- 'do####ontinue.net':80
- 'qu###caught.net':80
- 'se####caught.net':80
- 'se####strong.net':80
- 'br####rouble.net':80
- 'fl####resident.net':80
- 'br###strong.net':80
- 'fl####rouble.net':80
- 'br###caught.net':80
- 'qu###strong.net':80
- 'br####resident.net':80
- 'fl###caught.net':80
- http://de####wonder.net/forum/search.php?em######################################
- http://ni####iscover.net/forum/search.php?em######################################
- http://de####master.net/forum/search.php?em######################################
- http://ni###wonder.net/forum/search.php?em######################################
- http://ca####ncontinue.net/forum/search.php?em######################################
- http://la###master.net/forum/search.php?em######################################
- http://de####discover.net/forum/search.php?em######################################
- http://la####ontinue.net/forum/search.php?em######################################
- http://ni###master.net/forum/search.php?em######################################
- http://ag####twonder.net/forum/search.php?em######################################
- http://do###wonder.net/forum/search.php?em######################################
- http://ag####tmaster.net/forum/search.php?em######################################
- http://do###master.net/forum/search.php?em######################################
- http://ni####ontinue.net/forum/search.php?em######################################
- http://de####continue.net/forum/search.php?em######################################
- http://ag####tdiscover.net/forum/search.php?em######################################
- http://do####iscover.net/forum/search.php?em######################################
- http://ca####nmaster.net/forum/search.php?em######################################
- http://el#####cdiscover.net/forum/search.php?em######################################
- http://st####continue.net/forum/search.php?em######################################
- http://el####icwonder.net/forum/search.php?em######################################
- http://re####discover.net/forum/search.php?em######################################
- http://tr###master.net/forum/search.php?em######################################
- http://st####wonder.net/forum/search.php?em######################################
- http://tr####ontinue.net/forum/search.php?em######################################
- http://st####master.net/forum/search.php?em######################################
- http://re####wonder.net/forum/search.php?em######################################
- http://la####iscover.net/forum/search.php?em######################################
- http://ca####ndiscover.net/forum/search.php?em######################################
- http://la###wonder.net/forum/search.php?em######################################
- http://ca####nwonder.net/forum/search.php?em######################################
- http://re####master.net/forum/search.php?em######################################
- http://el####icmaster.net/forum/search.php?em######################################
- http://re####continue.net/forum/search.php?em######################################
- http://el#####ccontinue.net/forum/search.php?em######################################
- http://be####trouble.net/forum/search.php?em######################################
- http://ga####trouble.net/forum/search.php?em######################################
- http://be####strong.net/forum/search.php?em######################################
- http://ga####strong.net/forum/search.php?em######################################
- http://be####caught.net/forum/search.php?em######################################
- http://ga####caught.net/forum/search.php?em######################################
- http://be####president.net/forum/search.php?em######################################
- http://ga####president.net/forum/search.php?em######################################
- http://tr###caught.net/forum/search.php?em######################################
- http://tr###strong.net/forum/search.php?em######################################
- http://st####trouble.net/forum/search.php?em######################################
- http://el####iccaught.net/forum/search.php?em######################################
- http://st####strong.net/forum/search.php?em######################################
- http://tr####resident.net/forum/search.php?em######################################
- http://st####caught.net/forum/search.php?em######################################
- http://tr####rouble.net/forum/search.php?em######################################
- http://st####president.net/forum/search.php?em######################################
- http://fl###strong.net/forum/search.php?em######################################
- http://qu####resident.net/forum/search.php?em######################################
- http://se####president.net/forum/search.php?em######################################
- http://qu####rouble.net/forum/search.php?em######################################
- http://se####trouble.net/forum/search.php?em######################################
- http://ag####tcontinue.net/forum/search.php?em######################################
- http://do####ontinue.net/forum/search.php?em######################################
- http://qu###caught.net/forum/search.php?em######################################
- http://se####caught.net/forum/search.php?em######################################
- http://se####strong.net/forum/search.php?em######################################
- http://br####rouble.net/forum/search.php?em######################################
- http://fl####resident.net/forum/search.php?em######################################
- http://br###strong.net/forum/search.php?em######################################
- http://fl####rouble.net/forum/search.php?em######################################
- http://br###caught.net/forum/search.php?em######################################
- http://qu###strong.net/forum/search.php?em######################################
- http://br####resident.net/forum/search.php?em######################################
- http://fl###caught.net/forum/search.php?em######################################
- DNS ASK de####wonder.net
- DNS ASK ni####iscover.net
- DNS ASK de####master.net
- DNS ASK ni###wonder.net
- DNS ASK ca####ncontinue.net
- DNS ASK la###master.net
- DNS ASK de####discover.net
- DNS ASK la####ontinue.net
- DNS ASK ni###master.net
- DNS ASK ag####twonder.net
- DNS ASK do###wonder.net
- DNS ASK ag####tmaster.net
- DNS ASK do###master.net
- DNS ASK ni####ontinue.net
- DNS ASK de####continue.net
- DNS ASK ag####tdiscover.net
- DNS ASK do####iscover.net
- DNS ASK ca####nmaster.net
- DNS ASK el#####cdiscover.net
- DNS ASK st####continue.net
- DNS ASK el####icwonder.net
- DNS ASK re####discover.net
- DNS ASK tr###master.net
- DNS ASK st####wonder.net
- DNS ASK tr####ontinue.net
- DNS ASK st####master.net
- DNS ASK re####wonder.net
- DNS ASK la####iscover.net
- DNS ASK ca####ndiscover.net
- DNS ASK la###wonder.net
- DNS ASK ca####nwonder.net
- DNS ASK re####master.net
- DNS ASK el####icmaster.net
- DNS ASK re####continue.net
- DNS ASK el#####ccontinue.net
- DNS ASK be####trouble.net
- DNS ASK ga####trouble.net
- DNS ASK be####strong.net
- DNS ASK ga####strong.net
- DNS ASK be####caught.net
- DNS ASK ga####caught.net
- DNS ASK be####president.net
- DNS ASK ga####president.net
- DNS ASK tr###caught.net
- DNS ASK tr###strong.net
- DNS ASK st####trouble.net
- DNS ASK el####iccaught.net
- DNS ASK st####strong.net
- DNS ASK tr####resident.net
- DNS ASK st####caught.net
- DNS ASK tr####rouble.net
- DNS ASK st####president.net
- DNS ASK fl###strong.net
- DNS ASK qu####resident.net
- DNS ASK se####president.net
- DNS ASK qu####rouble.net
- DNS ASK se####trouble.net
- DNS ASK ag####tcontinue.net
- DNS ASK do####ontinue.net
- DNS ASK qu###caught.net
- DNS ASK se####caught.net
- DNS ASK se####strong.net
- DNS ASK br####rouble.net
- DNS ASK fl####resident.net
- DNS ASK br###strong.net
- DNS ASK fl####rouble.net
- DNS ASK br###caught.net
- DNS ASK qu###strong.net
- DNS ASK br####resident.net
- DNS ASK fl###caught.net
- ClassName: 'Shell_TrayWnd' WindowName: ''
- ClassName: 'Indicator' WindowName: ''