Technical Information
- [<HKLM>\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] 'Logon Smart Credential Card' = 'C:\acapciiq\ctovsyjy.exe'
- [<HKLM>\SYSTEM\ControlSet001\Services\Function CNG Base Encrypting] 'ImagePath' = 'C:\acapciiq\ctovsyjy.exe'
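- [<HKLM>\SYSTEM\ControlSet001\Services\Function CNG Base Encrypting] 'Start' = '00000002' (a Start value of 2 marks the service for automatic start at system boot, so together with the Run value above the same executable is launched both at boot and at logon)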
- 'C:\acapciiq\onvnkdjn.exe' "c:\acapciiq\ctovsyjy.exe"
- 'C:\acapciiq\ctovsyjy.exe'
- 'C:\acapciiq\po2wjgctsvkufkb.exe'
- C:\acapciiq\ctovsyjy.exe
- C:\acapciiq\onvnkdjn.exe
- C:\acapciiq\po2wjgctsvkufkb.exe
- %WINDIR%\acapciiq\tmnslbl
- C:\acapciiq\tmnslbl
- C:\acapciiq\onvnkdjn.exe
- C:\acapciiq\ctovsyjy.exe
- C:\acapciiq\po2wjgctsvkufkb.exe
- %WINDIR%\acapciiq\tmnslbl
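(Note: the host names in the network entries from here on contain runs of '#', which appear to be characters masked by the publisher; they are not complete domain names and cannot be matched literally in blocklists or log searches. The visible parts — word-pair names under .net, port 80, a request for /index.php — can still be used to narrow a search of proxy and DNS logs.)
- 'bu#####gdistance.net':80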
- 'ev####gdistance.net':80
- 'bu####ngsupply.net':80
- 'ev####gsupply.net':80
- 'bu####ngarrive.net':80
- 'ev####garrive.net':80
- 'bu####ngoffice.net':80
- 'ev####goffice.net':80
- 'mo#####tdistance.net':80
- 'ou####edistance.net':80
- 'mo####ntsupply.net':80
- 'ou####esupply.net':80
- 'mo####ntarrive.net':80
- 'ou####earrive.net':80
- 'mo####ntoffice.net':80
- 'ou####eoffice.net':80
- 'st###supply.net':80
- 'pr####distance.net':80
- 'do####office.net':80
- 'pr####supply.net':80
- 'do####distance.net':80
- 'pr####arrive.net':80
- 'fe####supply.net':80
- 'pr####office.net':80
- 'do####arrive.net':80
- 'mi####istance.net':80
- 'st###office.net':80
- 'mi###supply.net':80
- 'st####istance.net':80
- 'mi###arrive.net':80
- 'do####supply.net':80
- 'mi###office.net':80
- 'st###arrive.net':80
- 're####should.net':80
- 'br###nshort.net':80
- 'fe####promise.net':80
- 'br####should.net':80
- 're####opinion.net':80
- 'br####promise.net':80
- 're###tshort.net':80
- 'br####opinion.net':80
- 'fe####should.net':80
- 'do####should.net':80
- 'do####promise.net':80
- 'pr####promise.net':80
- 'fe####opinion.net':80
- 'do####opinion.net':80
- 'fe###wshort.net':80
- 'do###eshort.net':80
- 're####promise.net':80
- 'st####thshort.net':80
- 'st###short.net':80
- 'st####thshould.net':80
- 'st###should.net':80
- 'st####thpromise.net':80
- 'st####romise.net':80
- 'st####thopinion.net':80
- 'st####pinion.net':80
- 'pr####eshort.net':80
- 'de###eshort.net':80
- 'pr####eshould.net':80
- 'de####should.net':80
- 'pr####epromise.net':80
- 'de####promise.net':80
- 'pr####eopinion.net':80
- 'de####opinion.net':80
- http://bu#####gdistance.net/index.php
- http://ev####gdistance.net/index.php
- http://bu####ngsupply.net/index.php
- http://ev####gsupply.net/index.php
- http://bu####ngarrive.net/index.php
- http://ev####garrive.net/index.php
- http://bu####ngoffice.net/index.php
- http://ev####goffice.net/index.php
- http://mo#####tdistance.net/index.php
- http://ou####edistance.net/index.php
- http://mo####ntsupply.net/index.php
- http://ou####esupply.net/index.php
- http://mo####ntarrive.net/index.php
- http://ou####earrive.net/index.php
- http://mo####ntoffice.net/index.php
- http://ou####eoffice.net/index.php
- http://st###supply.net/index.php
- http://pr####distance.net/index.php
- http://do####office.net/index.php
- http://pr####supply.net/index.php
- http://do####distance.net/index.php
- http://pr####arrive.net/index.php
- http://fe####supply.net/index.php
- http://pr####office.net/index.php
- http://do####arrive.net/index.php
- http://mi####istance.net/index.php
- http://st###office.net/index.php
- http://mi###supply.net/index.php
- http://st####istance.net/index.php
- http://mi###arrive.net/index.php
- http://do####supply.net/index.php
- http://mi###office.net/index.php
- http://st###arrive.net/index.php
- http://re####should.net/index.php
- http://br###nshort.net/index.php
- http://fe####promise.net/index.php
- http://br####should.net/index.php
- http://re####opinion.net/index.php
- http://br####promise.net/index.php
- http://re###tshort.net/index.php
- http://br####opinion.net/index.php
- http://fe####should.net/index.php
- http://do####should.net/index.php
- http://do####promise.net/index.php
- http://pr####promise.net/index.php
- http://fe####opinion.net/index.php
- http://do####opinion.net/index.php
- http://fe###wshort.net/index.php
- http://do###eshort.net/index.php
- http://re####promise.net/index.php
- http://st####thshort.net/index.php
- http://st###short.net/index.php
- http://st####thshould.net/index.php
- http://st###should.net/index.php
- http://st####thpromise.net/index.php
- http://st####romise.net/index.php
- http://st####thopinion.net/index.php
- http://st####pinion.net/index.php
- http://pr####eshort.net/index.php
- http://de###eshort.net/index.php
- http://pr####eshould.net/index.php
- http://de####should.net/index.php
- http://pr####epromise.net/index.php
- http://de####promise.net/index.php
- http://pr####eopinion.net/index.php
- http://de####opinion.net/index.php
- DNS ASK bu#####gdistance.net
- DNS ASK ev####gdistance.net
- DNS ASK bu####ngsupply.net
- DNS ASK ev####gsupply.net
- DNS ASK bu####ngarrive.net
- DNS ASK ev####garrive.net
- DNS ASK bu####ngoffice.net
- DNS ASK ev####goffice.net
- DNS ASK mo#####tdistance.net
- DNS ASK ou####edistance.net
- DNS ASK mo####ntsupply.net
- DNS ASK ou####esupply.net
- DNS ASK mo####ntarrive.net
- DNS ASK ou####earrive.net
- DNS ASK mo####ntoffice.net
- DNS ASK ou####eoffice.net
- DNS ASK st###supply.net
- DNS ASK pr####distance.net
- DNS ASK do####office.net
- DNS ASK pr####supply.net
- DNS ASK do####distance.net
- DNS ASK pr####arrive.net
- DNS ASK fe####supply.net
- DNS ASK pr####office.net
- DNS ASK do####arrive.net
- DNS ASK mi####istance.net
- DNS ASK st###office.net
- DNS ASK mi###supply.net
- DNS ASK st####istance.net
- DNS ASK mi###arrive.net
- DNS ASK do####supply.net
- DNS ASK mi###office.net
- DNS ASK st###arrive.net
- DNS ASK re####should.net
- DNS ASK br###nshort.net
- DNS ASK fe####promise.net
- DNS ASK br####should.net
- DNS ASK re####opinion.net
- DNS ASK br####promise.net
- DNS ASK re###tshort.net
- DNS ASK br####opinion.net
- DNS ASK fe####should.net
- DNS ASK do####should.net
- DNS ASK do####promise.net
- DNS ASK pr####promise.net
- DNS ASK fe####opinion.net
- DNS ASK do####opinion.net
- DNS ASK fe###wshort.net
- DNS ASK do###eshort.net
- DNS ASK re####promise.net
- DNS ASK st####thshort.net
- DNS ASK st###short.net
- DNS ASK st####thshould.net
- DNS ASK st###should.net
- DNS ASK st####thpromise.net
- DNS ASK st####romise.net
- DNS ASK st####thopinion.net
- DNS ASK st####pinion.net
- DNS ASK pr####eshort.net
- DNS ASK de###eshort.net
- DNS ASK pr####eshould.net
- DNS ASK de####should.net
- DNS ASK pr####epromise.net
- DNS ASK de####promise.net
- DNS ASK pr####eopinion.net
- DNS ASK de####opinion.net
- ClassName: 'Shell_TrayWnd' WindowName: ''