Technical Information
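Persistence-related registry changes (the HKLM Run value launches the listed executable at every user logon; a service 'Start' value of 2 means the service starts automatically at boot):
- [<HKLM>\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] 'Client Storage Process Network Removal' = 'C:\yunaqkpy\wohasankbtiu.exe'
- [<HKLM>\SYSTEM\ControlSet001\Services\Workstation Isolation Parental IKE Trap] 'Start' = '00000002'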
- 'C:\yunaqkpy\lupcktgzkwmu.exe' "c:\yunaqkpy\wohasankbtiu.exe"
- 'C:\yunaqkpy\wohasankbtiu.exe'
- 'C:\yunaqkpy\l02mh1qgurrpymxe.exe'
- C:\yunaqkpy\wohasankbtiu.exe
- C:\yunaqkpy\lupcktgzkwmu.exe
- C:\yunaqkpy\bksm5clcu
- %WINDIR%\yunaqkpy\li4ml4t
- C:\yunaqkpy\li4ml4t
- C:\yunaqkpy\l02mh1qgurrpymxe.exe
- C:\yunaqkpy\lupcktgzkwmu.exe
- C:\yunaqkpy\wohasankbtiu.exe
- C:\yunaqkpy\l02mh1qgurrpymxe.exe
- %WINDIR%\yunaqkpy\li4ml4t
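Network endpoints (host:port). The '#' characters appear to be masking applied in the report, so these names are partial and cannot be matched verbatim in DNS or proxy logs:
- 'su###rspent.net':80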
- 'cr###spent.net':80
- 'su####matter.net':80
- 'cr###matter.net':80
- 'su####control.net':80
- 'cr####ontrol.net':80
- 'su####together.net':80
- 'cr####ogether.net':80
- 'be###spent.net':80
- 'kn###spent.net':80
- 'be###matter.net':80
- 'kn###matter.net':80
- 'be####ontrol.net':80
- 'kn####ontrol.net':80
- 'be####ogether.net':80
- 'kn####ogether.net':80
- 'wo###spent.net':80
- 'sm###spent.net':80
- 'wo###matter.net':80
- 'sm###matter.net':80
- 'wo####ontrol.net':80
- 'sm####ontrol.net':80
- 'wo####ogether.net':80
- 'sm####ogether.net':80
- 'th####tspent.net':80
- 'wa###spent.net':80
- 'th####tmatter.net':80
- 'wa###matter.net':80
- 'th####tcontrol.net':80
- 'wa####ontrol.net':80
- 'th####ttogether.net':80
- 'wa####ogether.net':80
- 'fr###spent.net':80
- 'ex####encespent.net':80
- 'fr###matter.net':80
- 'ex#####ncematter.net':80
- 'fr####ontrol.net':80
- 'ex#####ncecontrol.net':80
- 'fr####ogether.net':80
- 'ex#####ncetogether.net':80
- 'se####lstraight.net':80
- 'ma#####lstraight.net':80
- 'se####lairplane.net':80
- 'ma#####lairplane.net':80
- 'se####lfence.net':80
- 'ma####alfence.net':80
- 'se####lguard.net':80
- 'ma####alguard.net':80
- 'fo###wspent.net':80
- 'me###rspent.net':80
- 'fo####matter.net':80
- 'me####matter.net':80
- 'fo####control.net':80
- 'me####control.net':80
- 'fo####together.net':80
- 'me####together.net':80
- 'ge####manspent.net':80
- 'al####yspent.net':80
- 'ge####manmatter.net':80
- 'al####ymatter.net':80
- 'ge#####ancontrol.net':80
- 'al####ycontrol.net':80
- 'ge#####antogether.net':80
- 'al####ytogether.net':80
- http://su###rspent.net/index.php?me########
- http://cr###spent.net/index.php?me########
- http://su####matter.net/index.php?me########
- http://cr###matter.net/index.php?me########
- http://su####control.net/index.php?me########
- http://cr####ontrol.net/index.php?me########
- http://su####together.net/index.php?me########
- http://cr####ogether.net/index.php?me########
- http://be###spent.net/index.php?me########
- http://kn###spent.net/index.php?me########
- http://be###matter.net/index.php?me########
- http://kn###matter.net/index.php?me########
- http://be####ontrol.net/index.php?me########
- http://kn####ontrol.net/index.php?me########
- http://be####ogether.net/index.php?me########
- http://kn####ogether.net/index.php?me########
- http://wo###spent.net/index.php?me########
- http://sm###spent.net/index.php?me########
- http://wo###matter.net/index.php?me########
- http://sm###matter.net/index.php?me########
- http://wo####ontrol.net/index.php?me########
- http://sm####ontrol.net/index.php?me########
- http://wo####ogether.net/index.php?me########
- http://sm####ogether.net/index.php?me########
- http://th####tspent.net/index.php?me########
- http://wa###spent.net/index.php?me########
- http://th####tmatter.net/index.php?me########
- http://wa###matter.net/index.php?me########
- http://th####tcontrol.net/index.php?me########
- http://wa####ontrol.net/index.php?me########
- http://th####ttogether.net/index.php?me########
- http://wa####ogether.net/index.php?me########
- http://fr###spent.net/index.php?me########
- http://ex####encespent.net/index.php?me########
- http://fr###matter.net/index.php?me########
- http://ex#####ncematter.net/index.php?me########
- http://fr####ontrol.net/index.php?me########
- http://ex#####ncecontrol.net/index.php?me########
- http://fr####ogether.net/index.php?me########
- http://ex#####ncetogether.net/index.php?me########
- http://se####lstraight.net/index.php?me########
- http://ma#####lstraight.net/index.php?me########
- http://se####lairplane.net/index.php?me########
- http://ma#####lairplane.net/index.php?me########
- http://se####lfence.net/index.php?me########
- http://ma####alfence.net/index.php?me########
- http://se####lguard.net/index.php?me########
- http://ma####alguard.net/index.php?me########
- http://fo###wspent.net/index.php?me########
- http://me###rspent.net/index.php?me########
- http://fo####matter.net/index.php?me########
- http://me####matter.net/index.php?me########
- http://fo####control.net/index.php?me########
- http://me####control.net/index.php?me########
- http://fo####together.net/index.php?me########
- http://me####together.net/index.php?me########
- http://ge####manspent.net/index.php?me########
- http://al####yspent.net/index.php?me########
- http://ge####manmatter.net/index.php?me########
- http://al####ymatter.net/index.php?me########
- http://ge#####ancontrol.net/index.php?me########
- http://al####ycontrol.net/index.php?me########
- http://ge#####antogether.net/index.php?me########
- http://al####ytogether.net/index.php?me########
- DNS ASK cr###spent.net
- DNS ASK su####together.net
- DNS ASK cr###matter.net
- DNS ASK su###rspent.net
- DNS ASK cr####ontrol.net
- DNS ASK th####tmatter.net
- DNS ASK cr####ogether.net
- DNS ASK su####control.net
- DNS ASK kn###spent.net
- DNS ASK be####ogether.net
- DNS ASK kn###matter.net
- DNS ASK be###spent.net
- DNS ASK kn####ontrol.net
- DNS ASK su####matter.net
- DNS ASK kn####ogether.net
- DNS ASK be####ontrol.net
- DNS ASK sm###spent.net
- DNS ASK wo####ogether.net
- DNS ASK sm###matter.net
- DNS ASK wo###spent.net
- DNS ASK sm####ontrol.net
- DNS ASK pa###matter.net
- DNS ASK sm####ogether.net
- DNS ASK wo####ontrol.net
- DNS ASK wa###spent.net
- DNS ASK th####ttogether.net
- DNS ASK wa###matter.net
- DNS ASK th####tspent.net
- DNS ASK wa####ontrol.net
- DNS ASK wo###matter.net
- DNS ASK wa####ogether.net
- DNS ASK th####tcontrol.net
- DNS ASK be###matter.net
- DNS ASK fr###spent.net
- DNS ASK ex####encespent.net
- DNS ASK fr###matter.net
- DNS ASK ex#####ncematter.net
- DNS ASK fr####ontrol.net
- DNS ASK ex#####ncecontrol.net
- DNS ASK fr####ogether.net
- DNS ASK ex#####ncetogether.net
- DNS ASK se####lstraight.net
- DNS ASK ma#####lstraight.net
- DNS ASK se####lairplane.net
- DNS ASK ma#####lairplane.net
- DNS ASK se####lfence.net
- DNS ASK ma####alfence.net
- DNS ASK se####lguard.net
- DNS ASK ma####alguard.net
- DNS ASK fo###wspent.net
- DNS ASK me###rspent.net
- DNS ASK fo####matter.net
- DNS ASK me####matter.net
- DNS ASK fo####control.net
- DNS ASK me####control.net
- DNS ASK fo####together.net
- DNS ASK me####together.net
- DNS ASK ge####manspent.net
- DNS ASK al####yspent.net
- DNS ASK ge####manmatter.net
- DNS ASK al####ymatter.net
- DNS ASK ge#####ancontrol.net
- DNS ASK al####ycontrol.net
- DNS ASK ge#####antogether.net
- DNS ASK al####ytogether.net
Window referenced by the sample (Shell_TrayWnd is the window class of the Windows taskbar):
- ClassName: 'Shell_TrayWnd' WindowName: ''