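Technical Information
The sub-headings that normally separate the parts of this behaviour report appear to be missing, so the entries below run together: registry values, quoted process command lines, file paths, network endpoints (host:port), HTTP request URLs, DNS queries, and a window reference. The '#' characters in host names appear to mask part of each name; the names are therefore incomplete and cannot be matched literally.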
Registry values associated with automatic start of the executable (a Run value, and a service entry whose 'Start' value of 2 marks it as started automatically at boot):
- [<HKLM>\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] 'User Themes Search Builder IPsec' = 'C:\pinjpjcjhwi\fapcayntz.exe'
- [<HKLM>\SYSTEM\ControlSet001\Services\Support Ordering Modules Reporting Config Program] 'ImagePath' = 'C:\pinjpjcjhwi\fapcayntz.exe'
- [<HKLM>\SYSTEM\ControlSet001\Services\Support Ordering Modules Reporting Config Program] 'Start' = '00000002'
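Quoted entries, apparently process command lines (the first passes fapcayntz.exe as an argument to vxybdang.exe):
- 'C:\pinjpjcjhwi\vxybdang.exe' "c:\pinjpjcjhwi\fapcayntz.exe"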
- 'C:\pinjpjcjhwi\fapcayntz.exe'
- 'C:\pinjpjcjhwi\yjpe2luwglavwcef.exe'
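File paths. Several repeat, presumably because they were listed under separate file-system actions whose labels are missing, so the action applied to each path cannot be read from this listing. The directory and file names look randomly generated and may differ on other systems:
- C:\pinjpjcjhwi\fapcayntz.exe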
- C:\pinjpjcjhwi\vxybdang.exe
- C:\pinjpjcjhwi\yjpe2luwglavwcef.exe
- %WINDIR%\pinjpjcjhwi\bbf5ordh
- C:\pinjpjcjhwi\bbf5ordh
- C:\pinjpjcjhwi\vxybdang.exe
- C:\pinjpjcjhwi\fapcayntz.exe
- C:\pinjpjcjhwi\yjpe2luwglavwcef.exe
- %WINDIR%\pinjpjcjhwi\bbf5ordh
Network endpoints (host:port), all on port 80:
- 'th####treason.net':80
- 'wa###reason.net':80
- 'th####talmost.net':80
- 'wa###almost.net':80
- 'th####tvalue.net':80
- 'wa###value.net':80
- 'th####torderly.net':80
- 'wa####rderly.net':80
- 'su####reason.net':80
- 'cr###reason.net':80
- 'su####almost.net':80
- 'cr###almost.net':80
- 'su###rvalue.net':80
- 'cr###value.net':80
- 'su####orderly.net':80
- 'cr####rderly.net':80
- 'wo###almost.net':80
- 'fi###reason.net':80
- 'pa####rderly.net':80
- 'fi###almost.net':80
- 'pa###reason.net':80
- 'fi###value.net':80
- 'fr###chance.net':80
- 'fi####rderly.net':80
- 'pa###value.net':80
- 'sm###reason.net':80
- 'wo####rderly.net':80
- 'sm###almost.net':80
- 'wo###reason.net':80
- 'sm###value.net':80
- 'pa###almost.net':80
- 'sm####rderly.net':80
- 'wo###value.net':80
- 'kn###value.net':80
- 'ge####manalmost.net':80
- 'al####yalmost.net':80
- 'fr###value.net':80
- 'ex####encevalue.net':80
- 'ge#####anorderly.net':80
- 'al####yorderly.net':80
- 'ge####manreason.net':80
- 'al####yreason.net':80
- 'fr###almost.net':80
- 'ex#####ncealmost.net':80
- 'ei####oclock.net':80
- 'en####hoclock.net':80
- 'fr####rderly.net':80
- 'ex#####nceorderly.net':80
- 'fr###reason.net':80
- 'ex#####ncereason.net':80
- 'ge####manvalue.net':80
- 'kn###almost.net':80
- 'be###reason.net':80
- 'me###rvalue.net':80
- 'be###almost.net':80
- 'kn####rderly.net':80
- 'be###value.net':80
- 'kn###reason.net':80
- 'be####rderly.net':80
- 'me####almost.net':80
- 'fo####reason.net':80
- 'al####yvalue.net':80
- 'fo####almost.net':80
- 'me####orderly.net':80
- 'fo###wvalue.net':80
- 'me####reason.net':80
- 'fo####orderly.net':80
HTTP request URLs (unencrypted HTTP, path /index.php on each host):
- http://th####treason.net/index.php
- http://wa###reason.net/index.php
- http://th####talmost.net/index.php
- http://wa###almost.net/index.php
- http://th####tvalue.net/index.php
- http://wa###value.net/index.php
- http://th####torderly.net/index.php
- http://wa####rderly.net/index.php
- http://su####reason.net/index.php
- http://cr###reason.net/index.php
- http://su####almost.net/index.php
- http://cr###almost.net/index.php
- http://su###rvalue.net/index.php
- http://cr###value.net/index.php
- http://su####orderly.net/index.php
- http://cr####rderly.net/index.php
- http://wo###almost.net/index.php
- http://fi###reason.net/index.php
- http://pa####rderly.net/index.php
- http://fi###almost.net/index.php
- http://pa###reason.net/index.php
- http://fi###value.net/index.php
- http://fr###chance.net/index.php
- http://fi####rderly.net/index.php
- http://pa###value.net/index.php
- http://sm###reason.net/index.php
- http://wo####rderly.net/index.php
- http://sm###almost.net/index.php
- http://wo###reason.net/index.php
- http://sm###value.net/index.php
- http://pa###almost.net/index.php
- http://sm####rderly.net/index.php
- http://wo###value.net/index.php
- http://kn###value.net/index.php
- http://ge####manalmost.net/index.php
- http://al####yalmost.net/index.php
- http://fr###value.net/index.php
- http://ex####encevalue.net/index.php
- http://ge#####anorderly.net/index.php
- http://al####yorderly.net/index.php
- http://ge####manreason.net/index.php
- http://al####yreason.net/index.php
- http://fr###almost.net/index.php
- http://ex#####ncealmost.net/index.php
- http://ei####oclock.net/index.php
- http://en####hoclock.net/index.php
- http://fr####rderly.net/index.php
- http://ex#####nceorderly.net/index.php
- http://fr###reason.net/index.php
- http://ex#####ncereason.net/index.php
- http://ge####manvalue.net/index.php
- http://kn###almost.net/index.php
- http://be###reason.net/index.php
- http://me###rvalue.net/index.php
- http://be###almost.net/index.php
- http://kn####rderly.net/index.php
- http://be###value.net/index.php
- http://kn###reason.net/index.php
- http://be####rderly.net/index.php
- http://me####almost.net/index.php
- http://fo####reason.net/index.php
- http://al####yvalue.net/index.php
- http://fo####almost.net/index.php
- http://me####orderly.net/index.php
- http://fo###wvalue.net/index.php
- http://me####reason.net/index.php
- http://fo####orderly.net/index.php
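DNS queries. The long run of similar word-pair .net names is consistent with algorithmically generated domains, so detection is better keyed on the query pattern and volume than on any single name:
- DNS ASK th####treason.net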
- DNS ASK wa###reason.net
- DNS ASK th####talmost.net
- DNS ASK wa###almost.net
- DNS ASK th####tvalue.net
- DNS ASK wa###value.net
- DNS ASK th####torderly.net
- DNS ASK wa####rderly.net
- DNS ASK su####reason.net
- DNS ASK cr###reason.net
- DNS ASK su####almost.net
- DNS ASK cr###almost.net
- DNS ASK su###rvalue.net
- DNS ASK cr###value.net
- DNS ASK su####orderly.net
- DNS ASK cr####rderly.net
- DNS ASK wo###almost.net
- DNS ASK fi###reason.net
- DNS ASK pa####rderly.net
- DNS ASK fi###almost.net
- DNS ASK pa###reason.net
- DNS ASK fi###value.net
- DNS ASK fr###chance.net
- DNS ASK fi####rderly.net
- DNS ASK pa###value.net
- DNS ASK sm###reason.net
- DNS ASK wo####rderly.net
- DNS ASK sm###almost.net
- DNS ASK wo###reason.net
- DNS ASK sm###value.net
- DNS ASK pa###almost.net
- DNS ASK sm####rderly.net
- DNS ASK wo###value.net
- DNS ASK kn###value.net
- DNS ASK ge####manalmost.net
- DNS ASK al####yalmost.net
- DNS ASK fr###value.net
- DNS ASK ex####encevalue.net
- DNS ASK ge#####anorderly.net
- DNS ASK al####yorderly.net
- DNS ASK ge####manreason.net
- DNS ASK al####yreason.net
- DNS ASK fr###almost.net
- DNS ASK ex#####ncealmost.net
- DNS ASK ei####oclock.net
- DNS ASK en####hoclock.net
- DNS ASK fr####rderly.net
- DNS ASK ex#####nceorderly.net
- DNS ASK fr###reason.net
- DNS ASK ex#####ncereason.net
- DNS ASK ge####manvalue.net
- DNS ASK kn###almost.net
- DNS ASK be###reason.net
- DNS ASK me###rvalue.net
- DNS ASK be###almost.net
- DNS ASK kn####rderly.net
- DNS ASK be###value.net
- DNS ASK kn###reason.net
- DNS ASK be####rderly.net
- DNS ASK me####almost.net
- DNS ASK fo####reason.net
- DNS ASK al####yvalue.net
- DNS ASK fo####almost.net
- DNS ASK me####orderly.net
- DNS ASK fo###wvalue.net
- DNS ASK me####reason.net
- DNS ASK fo####orderly.net
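Window reference, presumably a window the sample looks up (Shell_TrayWnd is the window class of the Windows taskbar):
- ClassName: 'Shell_TrayWnd' WindowName: ''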