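Technical Information
Note: the '#' characters in the host names and URLs below appear to be masking applied by the publisher, so those entries are partial indicators and cannot be matched literally.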
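- [<HKLM>\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] 'DHCP Card AutoConfig Error' = 'C:\xysslaagnwav\wqaevbqzmzz.exe' (machine-wide Run key: the value is launched at user logon)
- [<HKLM>\SYSTEM\ControlSet001\Services\Shadow Debugger Assistant Protection] 'ImagePath' = 'C:\xysslaagnwav\wqaevbqzmzz.exe' (service entry pointing at the same executable as the Run value)
- [<HKLM>\SYSTEM\ControlSet001\Services\Shadow Debugger Assistant Protection] 'Start' = '00000002' (service start type 2 = automatic start at boot)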
- 'C:\xysslaagnwav\edxcnnbfpq.exe' "c:\xysslaagnwav\wqaevbqzmzz.exe"
- 'C:\xysslaagnwav\wqaevbqzmzz.exe'
- 'C:\xysslaagnwav\eu9g2ri1kbmbep6deo.exe'
- C:\xysslaagnwav\wqaevbqzmzz.exe
- C:\xysslaagnwav\edxcnnbfpq.exe
- C:\xysslaagnwav\eu9g2ri1kbmbep6deo.exe
- %WINDIR%\xysslaagnwav\lukyp4zd
- C:\xysslaagnwav\lukyp4zd
- C:\xysslaagnwav\edxcnnbfpq.exe
- C:\xysslaagnwav\wqaevbqzmzz.exe
- C:\xysslaagnwav\eu9g2ri1kbmbep6deo.exe
- %WINDIR%\xysslaagnwav\lukyp4zd
- 're####ewelcome.net':80
- 'or###around.net':80
- 'ne#####rycomplete.net':80
- 'or####elcome.net':80
- 're####eproud.net':80
- 'or####omplete.net':80
- 're####earound.net':80
- 'or###proud.net':80
- 'pl#####tcomplete.net':80
- 'pl####ntwelcome.net':80
- 'ne#####rywelcome.net':80
- 'di#####ltcomplete.net':80
- 'he####omplete.net':80
- 'pl####ntproud.net':80
- 'ne####aryproud.net':80
- 'pl####ntaround.net':80
- 'ne####aryaround.net':80
- 're####ecomplete.net':80
- 'ge####complete.net':80
- 'va####swelcome.net':80
- 'ge####around.net':80
- 'ge###eproud.net':80
- 're####around.net':80
- 'va####sproud.net':80
- 're####welcome.net':80
- 'va####saround.net':80
- 'ge####welcome.net':80
- 'le####around.net':80
- 'he####around.net':80
- 'le####welcome.net':80
- 'he####welcome.net':80
- 'le####complete.net':80
- 'he####complete.net':80
- 'le###rproud.net':80
- 'he###nproud.net':80
- 'va####sprobable.net':80
- 're####probable.net':80
- 'va####skitchen.net':80
- 're####kitchen.net':80
- 'de####around.net':80
- 'fo####daround.net':80
- 'de####welcome.net':80
- 'fo####dwelcome.net':80
- 're####without.net':80
- 'ge####kitchen.net':80
- 'he####robable.net':80
- 'ge####without.net':80
- 'he####itchen.net':80
- 're###nwagon.net':80
- 'va####swithout.net':80
- 'ge####probable.net':80
- 'va####swagon.net':80
- 'de###eproud.net':80
- 'di#####ltwelcome.net':80
- 'he####elcome.net':80
- 'an####complete.net':80
- 'gl####omplete.net':80
- 'di####ultproud.net':80
- 'he###proud.net':80
- 'di####ultaround.net':80
- 'he###around.net':80
- 'gl###proud.net':80
- 'fo####dcomplete.net':80
- 'an####welcome.net':80
- 'fo####dproud.net':80
- 'de####complete.net':80
- 'gl###around.net':80
- 'an###rproud.net':80
- 'gl####elcome.net':80
- 'an####around.net':80
- http://re####ewelcome.net/index.php
- http://or###around.net/index.php
- http://ne#####rycomplete.net/index.php
- http://or####elcome.net/index.php
- http://re####eproud.net/index.php
- http://or####omplete.net/index.php
- http://re####earound.net/index.php
- http://or###proud.net/index.php
- http://pl#####tcomplete.net/index.php
- http://pl####ntwelcome.net/index.php
- http://ne#####rywelcome.net/index.php
- http://di#####ltcomplete.net/index.php
- http://he####omplete.net/index.php
- http://pl####ntproud.net/index.php
- http://ne####aryproud.net/index.php
- http://pl####ntaround.net/index.php
- http://ne####aryaround.net/index.php
- http://re####ecomplete.net/index.php
- http://ge####complete.net/index.php
- http://va####swelcome.net/index.php
- http://ge####around.net/index.php
- http://ge###eproud.net/index.php
- http://re####around.net/index.php
- http://va####sproud.net/index.php
- http://re####welcome.net/index.php
- http://va####saround.net/index.php
- http://ge####welcome.net/index.php
- http://le####around.net/index.php
- http://he####around.net/index.php
- http://le####welcome.net/index.php
- http://he####welcome.net/index.php
- http://le####complete.net/index.php
- http://he####complete.net/index.php
- http://le###rproud.net/index.php
- http://he###nproud.net/index.php
- http://va####sprobable.net/index.php
- http://re####probable.net/index.php
- http://va####skitchen.net/index.php
- http://re####kitchen.net/index.php
- http://de####around.net/index.php
- http://fo####daround.net/index.php
- http://de####welcome.net/index.php
- http://fo####dwelcome.net/index.php
- http://re####without.net/index.php
- http://ge####kitchen.net/index.php
- http://he####robable.net/index.php
- http://ge####without.net/index.php
- http://he####itchen.net/index.php
- http://re###nwagon.net/index.php
- http://va####swithout.net/index.php
- http://ge####probable.net/index.php
- http://va####swagon.net/index.php
- http://de###eproud.net/index.php
- http://di#####ltwelcome.net/index.php
- http://he####elcome.net/index.php
- http://an####complete.net/index.php
- http://gl####omplete.net/index.php
- http://di####ultproud.net/index.php
- http://he###proud.net/index.php
- http://di####ultaround.net/index.php
- http://he###around.net/index.php
- http://gl###proud.net/index.php
- http://fo####dcomplete.net/index.php
- http://an####welcome.net/index.php
- http://fo####dproud.net/index.php
- http://de####complete.net/index.php
- http://gl###around.net/index.php
- http://an###rproud.net/index.php
- http://gl####elcome.net/index.php
- http://an####around.net/index.php
- DNS ASK re####ewelcome.net
- DNS ASK or###around.net
- DNS ASK ne#####rycomplete.net
- DNS ASK or####elcome.net
- DNS ASK re####eproud.net
- DNS ASK or####omplete.net
- DNS ASK re####earound.net
- DNS ASK or###proud.net
- DNS ASK pl#####tcomplete.net
- DNS ASK pl####ntwelcome.net
- DNS ASK ne#####rywelcome.net
- DNS ASK di#####ltcomplete.net
- DNS ASK he####omplete.net
- DNS ASK pl####ntproud.net
- DNS ASK ne####aryproud.net
- DNS ASK pl####ntaround.net
- DNS ASK ne####aryaround.net
- DNS ASK re####ecomplete.net
- DNS ASK ge####complete.net
- DNS ASK va####swelcome.net
- DNS ASK ge####around.net
- DNS ASK ge###eproud.net
- DNS ASK re####around.net
- DNS ASK va####sproud.net
- DNS ASK re####welcome.net
- DNS ASK va####saround.net
- DNS ASK ge####welcome.net
- DNS ASK le####around.net
- DNS ASK he####around.net
- DNS ASK le####welcome.net
- DNS ASK he####welcome.net
- DNS ASK le####complete.net
- DNS ASK he####complete.net
- DNS ASK le###rproud.net
- DNS ASK he###nproud.net
- DNS ASK va####sprobable.net
- DNS ASK re####probable.net
- DNS ASK va####skitchen.net
- DNS ASK re####kitchen.net
- DNS ASK de####around.net
- DNS ASK fo####daround.net
- DNS ASK de####welcome.net
- DNS ASK fo####dwelcome.net
- DNS ASK re####without.net
- DNS ASK ge####kitchen.net
- DNS ASK he####robable.net
- DNS ASK ge####without.net
- DNS ASK he####itchen.net
- DNS ASK re###nwagon.net
- DNS ASK va####swithout.net
- DNS ASK ge####probable.net
- DNS ASK va####swagon.net
- DNS ASK de###eproud.net
- DNS ASK di#####ltwelcome.net
- DNS ASK he####elcome.net
- DNS ASK an####complete.net
- DNS ASK gl####omplete.net
- DNS ASK di####ultproud.net
- DNS ASK he###proud.net
- DNS ASK di####ultaround.net
- DNS ASK he###around.net
- DNS ASK gl###proud.net
- DNS ASK fo####dcomplete.net
- DNS ASK an####welcome.net
- DNS ASK fo####dproud.net
- DNS ASK de####complete.net
- DNS ASK gl###around.net
- DNS ASK an###rproud.net
- DNS ASK gl####elcome.net
- DNS ASK an####around.net
- ClassName: 'Shell_TrayWnd' WindowName: '' (Shell_TrayWnd is the window class of the Windows taskbar; the window name is empty)