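Technical Information

The entries below are listed without their section headings. In order they are: registry values, quoted executable paths and command lines, file paths, network endpoints on TCP port 80, HTTP URLs, DNS queries, and a window class. The '#' characters in the domain names appear to be masking applied by the publisher, so each hostname is a partial pattern rather than a complete name.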
- Autorun entry (machine-wide Run key, launched at logon for every user): [<HKLM>\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] 'Topology Print Acquisition' = 'C:\ymtompsxq\upwnfdmn.exe'
- Service start type set to 2 (automatic start): [<HKLM>\SYSTEM\ControlSet001\Services\Configuration PnP-X Protection] 'Start' = '00000002'
- 'C:\ymtompsxq\qwffilobajd.exe' "c:\ymtompsxq\upwnfdmn.exe"
- 'C:\ymtompsxq\upwnfdmn.exe'
- 'C:\ymtompsxq\g80j3hhdrkx4rcsv1chv.exe'
- C:\ymtompsxq\upwnfdmn.exe
- C:\ymtompsxq\qwffilobajd.exe
- C:\ymtompsxq\g80j3hhdrkx4rcsv1chv.exe
- %WINDIR%\ymtompsxq\phimumftedj
- C:\ymtompsxq\phimumftedj
- C:\ymtompsxq\qwffilobajd.exe
- C:\ymtompsxq\upwnfdmn.exe
- C:\ymtompsxq\g80j3hhdrkx4rcsv1chv.exe
- %WINDIR%\ymtompsxq\phimumftedj
- 'be####ewithout.net':80
- 'ex####kitchen.net':80
- 'be####ewagon.net':80
- 'ex####without.net':80
- 'be####eprobable.net':80
- 'pe###nwagon.net':80
- 'be####ekitchen.net':80
- 'ex####probable.net':80
- 'ex###twagon.net':80
- 'ei####bridge.net':80
- 'en####hbridge.net':80
- 'ei####except.net':80
- 'en####hexcept.net':80
- 'ei###rwhose.net':80
- 'en####hwhose.net':80
- 'ei####bicycle.net':80
- 'en####hbicycle.net':80
- 'su####kitchen.net':80
- 'fo####nkitchen.net':80
- 'su####without.net':80
- 'fo####nwithout.net':80
- 'wh####rwagon.net':80
- 'ri###wagon.net':80
- 'su####probable.net':80
- 'fo####nprobable.net':80
- 'fo####nwagon.net':80
- 'ma####ewithout.net':80
- 'pe####kitchen.net':80
- 'ma####ewagon.net':80
- 'pe####without.net':80
- 'ma####eprobable.net':80
- 'su###nwagon.net':80
- 'ma####ekitchen.net':80
- 'pe####probable.net':80
- 'th####except.net':80
- 'fi####bridge.net':80
- 'ri###whose.net':80
- 'fi####except.net':80
- 'th####bicycle.net':80
- 'fi###ewhose.net':80
- 'th####bridge.net':80
- 'fi####bicycle.net':80
- 'wh####rwhose.net':80
- 'wh####rexcept.net':80
- 'ri###except.net':80
- 'su###nwhose.net':80
- 'fo####nwhose.net':80
- 'wh####rbicycle.net':80
- 'ri####icycle.net':80
- 'wh####rbridge.net':80
- 'ri###bridge.net':80
- 'ch####enbridge.net':80
- 'fa####bridge.net':80
- 'ch####enexcept.net':80
- 'fa####except.net':80
- 'ch####enwhose.net':80
- 'fa###ywhose.net':80
- 'ch####enbicycle.net':80
- 'fa####bicycle.net':80
- 'ci####ttewhose.net':80
- 'ci####tteexcept.net':80
- 'pi####ebridge.net':80
- 'th###hwhose.net':80
- 'pi####eexcept.net':80
- 'ci#####tebicycle.net':80
- 'pi####ewhose.net':80
- 'ci####ttebridge.net':80
- 'pi####ebicycle.net':80
- http://be####ewithout.net/index.php
- http://ex####kitchen.net/index.php
- http://be####ewagon.net/index.php
- http://ex####without.net/index.php
- http://be####eprobable.net/index.php
- http://pe###nwagon.net/index.php
- http://be####ekitchen.net/index.php
- http://ex####probable.net/index.php
- http://ex###twagon.net/index.php
- http://ei####bridge.net/index.php
- http://en####hbridge.net/index.php
- http://ei####except.net/index.php
- http://en####hexcept.net/index.php
- http://ei###rwhose.net/index.php
- http://en####hwhose.net/index.php
- http://ei####bicycle.net/index.php
- http://en####hbicycle.net/index.php
- http://su####kitchen.net/index.php
- http://fo####nkitchen.net/index.php
- http://su####without.net/index.php
- http://fo####nwithout.net/index.php
- http://wh####rwagon.net/index.php
- http://ri###wagon.net/index.php
- http://su####probable.net/index.php
- http://fo####nprobable.net/index.php
- http://fo####nwagon.net/index.php
- http://ma####ewithout.net/index.php
- http://pe####kitchen.net/index.php
- http://ma####ewagon.net/index.php
- http://pe####without.net/index.php
- http://ma####eprobable.net/index.php
- http://su###nwagon.net/index.php
- http://ma####ekitchen.net/index.php
- http://pe####probable.net/index.php
- http://th####except.net/index.php
- http://fi####bridge.net/index.php
- http://ri###whose.net/index.php
- http://fi####except.net/index.php
- http://th####bicycle.net/index.php
- http://fi###ewhose.net/index.php
- http://th####bridge.net/index.php
- http://fi####bicycle.net/index.php
- http://wh####rwhose.net/index.php
- http://wh####rexcept.net/index.php
- http://ri###except.net/index.php
- http://su###nwhose.net/index.php
- http://fo####nwhose.net/index.php
- http://wh####rbicycle.net/index.php
- http://ri####icycle.net/index.php
- http://wh####rbridge.net/index.php
- http://ri###bridge.net/index.php
- http://ch####enbridge.net/index.php
- http://fa####bridge.net/index.php
- http://ch####enexcept.net/index.php
- http://fa####except.net/index.php
- http://ch####enwhose.net/index.php
- http://fa###ywhose.net/index.php
- http://ch####enbicycle.net/index.php
- http://fa####bicycle.net/index.php
- http://ci####ttewhose.net/index.php
- http://ci####tteexcept.net/index.php
- http://pi####ebridge.net/index.php
- http://th###hwhose.net/index.php
- http://pi####eexcept.net/index.php
- http://ci#####tebicycle.net/index.php
- http://pi####ewhose.net/index.php
- http://ci####ttebridge.net/index.php
- http://pi####ebicycle.net/index.php
- DNS ASK ex####kitchen.net
- DNS ASK be####ekitchen.net
- DNS ASK ex####without.net
- DNS ASK be####ewithout.net
- DNS ASK pe###nwagon.net
- DNS ASK ma####ewagon.net
- DNS ASK ex####probable.net
- DNS ASK be####eprobable.net
- DNS ASK be####ewagon.net
- DNS ASK en####hbridge.net
- DNS ASK ei####bicycle.net
- DNS ASK en####hexcept.net
- DNS ASK ei####bridge.net
- DNS ASK en####hwhose.net
- DNS ASK ex###twagon.net
- DNS ASK en####hbicycle.net
- DNS ASK ei###rwhose.net
- DNS ASK fo####nkitchen.net
- DNS ASK su####probable.net
- DNS ASK fo####nwithout.net
- DNS ASK su####kitchen.net
- DNS ASK ri###wagon.net
- DNS ASK wh####rwithout.net
- DNS ASK fo####nprobable.net
- DNS ASK wh####rwagon.net
- DNS ASK su####without.net
- DNS ASK pe####kitchen.net
- DNS ASK ma####ekitchen.net
- DNS ASK pe####without.net
- DNS ASK ma####ewithout.net
- DNS ASK su###nwagon.net
- DNS ASK fo####nwagon.net
- DNS ASK pe####probable.net
- DNS ASK ma####eprobable.net
- DNS ASK ei####except.net
- DNS ASK th####except.net
- DNS ASK fi####bridge.net
- DNS ASK ri###whose.net
- DNS ASK fi####except.net
- DNS ASK th####bicycle.net
- DNS ASK fi###ewhose.net
- DNS ASK th####bridge.net
- DNS ASK fi####bicycle.net
- DNS ASK wh####rwhose.net
- DNS ASK wh####rexcept.net
- DNS ASK ri###except.net
- DNS ASK su###nwhose.net
- DNS ASK fo####nwhose.net
- DNS ASK wh####rbicycle.net
- DNS ASK ri####icycle.net
- DNS ASK wh####rbridge.net
- DNS ASK ri###bridge.net
- DNS ASK ch####enbridge.net
- DNS ASK fa####bridge.net
- DNS ASK ch####enexcept.net
- DNS ASK fa####except.net
- DNS ASK ch####enwhose.net
- DNS ASK fa###ywhose.net
- DNS ASK ch####enbicycle.net
- DNS ASK fa####bicycle.net
- DNS ASK ci####ttewhose.net
- DNS ASK ci####tteexcept.net
- DNS ASK pi####ebridge.net
- DNS ASK th###hwhose.net
- DNS ASK pi####eexcept.net
- DNS ASK ci#####tebicycle.net
- DNS ASK pi####ewhose.net
- DNS ASK ci####ttebridge.net
- DNS ASK pi####ebicycle.net
- Window class referenced (Shell_TrayWnd is the Windows taskbar window class): ClassName: 'Shell_TrayWnd' WindowName: ''