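Technical Information

The section headings of this report appear to be missing. In order, the entries below are:
- registry changes that start 'C:\ahanyvz\oimbxds.exe' automatically: a Run value, and a service whose 'Start' value of 2 means automatic start;
- processes launched (the quoted paths);
- file-system activity under C:\ahanyvz and %WINDIR%\ahanyvz; the repeated paths presumably belong to separate sub-lists whose labels are missing;
- hosts contacted on TCP port 80;
- HTTP requests to /index.php on those hosts;
- DNS queries.

The '#' characters in host names and URLs are masking applied by the source, so those entries are partial patterns rather than exact indicators. The host names appear to be built from pairs of English words, which would be consistent with generated domains.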
- [<HKLM>\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] 'Configuration Files Input WMI Driver Color' = 'C:\ahanyvz\oimbxds.exe'
- [<HKLM>\SYSTEM\ControlSet001\Services\Framework Helper Modules Topology Transaction] 'ImagePath' = 'C:\ahanyvz\oimbxds.exe'
- [<HKLM>\SYSTEM\ControlSet001\Services\Framework Helper Modules Topology Transaction] 'Start' = '00000002'
- 'C:\ahanyvz\iqzjgft.exe' "c:\ahanyvz\oimbxds.exe"
- 'C:\ahanyvz\oimbxds.exe'
- 'C:\ahanyvz\zsvae2vr8d9au4jaxlf5j.exe'
- C:\ahanyvz\oimbxds.exe
- C:\ahanyvz\iqzjgft.exe
- C:\ahanyvz\gzkdibn5be
- %WINDIR%\ahanyvz\bbmsxrp
- C:\ahanyvz\bbmsxrp
- C:\ahanyvz\zsvae2vr8d9au4jaxlf5j.exe
- C:\ahanyvz\iqzjgft.exe
- C:\ahanyvz\oimbxds.exe
- C:\ahanyvz\zsvae2vr8d9au4jaxlf5j.exe
- %WINDIR%\ahanyvz\bbmsxrp
- %WINDIR%\ahanyvz\bbmsxrp
- 'be####ebright.net':80
- 'ex####bright.net':80
- 'be####eexplain.net':80
- 'pe####instead.net':80
- 'be####einside.net':80
- 'ex####inside.net':80
- 'ex####explain.net':80
- 'ei####appear.net':80
- 'en####hbusiness.net':80
- 'ei####business.net':80
- 'be####einstead.net':80
- 'ex####instead.net':80
- 'en####happear.net':80
- 'ma####einstead.net':80
- 'fo####nexplain.net':80
- 'su####explain.net':80
- 'fo####ninstead.net':80
- 'su####inside.net':80
- 'fo####nbright.net':80
- 'su####bright.net':80
- 'su####instead.net':80
- 'pe####bright.net':80
- 'ma####eexplain.net':80
- 'pe####explain.net':80
- 'ma####einside.net':80
- 'pe####inside.net':80
- 'ma####ebright.net':80
- 'en####hanother.net':80
- 'ci####ttemanner.net':80
- 'pi####emanner.net':80
- 'th####appear.net':80
- 'pi####ebusiness.net':80
- 'ci#####teanother.net':80
- 'pi####eanother.net':80
- 'fi####appear.net':80
- 'fi####another.net':80
- 'th####manner.net':80
- 'fi####manner.net':80
- 'th####business.net':80
- 'fi####business.net':80
- 'th####another.net':80
- 'ci#####tebusiness.net':80
- 'fa####appear.net':80
- 'ch####enappear.net':80
- 'fa####business.net':80
- 'ei####another.net':80
- 'en####hmanner.net':80
- 'ei####manner.net':80
- 'ch#####nbusiness.net':80
- 'ch####enmanner.net':80
- 'ci####tteappear.net':80
- 'pi####eappear.net':80
- 'fa####another.net':80
- 'ch####enanother.net':80
- 'fa####manner.net':80
- http://be####ebright.net/index.php?me########
- http://ex####bright.net/index.php?me########
- http://be####eexplain.net/index.php?me########
- http://pe####instead.net/index.php?me########
- http://be####einside.net/index.php?me########
- http://ex####inside.net/index.php?me########
- http://ex####explain.net/index.php?me########
- http://ei####appear.net/index.php?me########
- http://en####hbusiness.net/index.php?me########
- http://ei####business.net/index.php?me########
- http://be####einstead.net/index.php?me########
- http://ex####instead.net/index.php?me########
- http://en####happear.net/index.php?me########
- http://ma####einstead.net/index.php?me########
- http://fo####nexplain.net/index.php?me########
- http://su####explain.net/index.php?me########
- http://fo####ninstead.net/index.php?me########
- http://su####inside.net/index.php?me########
- http://fo####nbright.net/index.php?me########
- http://su####bright.net/index.php?me########
- http://su####instead.net/index.php?me########
- http://pe####bright.net/index.php?me########
- http://ma####eexplain.net/index.php?me########
- http://pe####explain.net/index.php?me########
- http://ma####einside.net/index.php?me########
- http://pe####inside.net/index.php?me########
- http://ma####ebright.net/index.php?me########
- http://en####hanother.net/index.php?me########
- http://ci####ttemanner.net/index.php?me########
- http://pi####emanner.net/index.php?me########
- http://th####appear.net/index.php?me########
- http://pi####ebusiness.net/index.php?me########
- http://ci#####teanother.net/index.php?me########
- http://pi####eanother.net/index.php?me########
- http://fi####appear.net/index.php?me########
- http://fi####another.net/index.php?me########
- http://th####manner.net/index.php?me########
- http://fi####manner.net/index.php?me########
- http://th####business.net/index.php?me########
- http://fi####business.net/index.php?me########
- http://th####another.net/index.php?me########
- http://ci#####tebusiness.net/index.php?me########
- http://fa####appear.net/index.php?me########
- http://ch####enappear.net/index.php?me########
- http://fa####business.net/index.php?me########
- http://ei####another.net/index.php?me########
- http://en####hmanner.net/index.php?me########
- http://ei####manner.net/index.php?me########
- http://ch#####nbusiness.net/index.php?me########
- http://ch####enmanner.net/index.php?me########
- http://ci####tteappear.net/index.php?me########
- http://pi####eappear.net/index.php?me########
- http://fa####another.net/index.php?me########
- http://ch####enanother.net/index.php?me########
- http://fa####manner.net/index.php?me########
- DNS ASK be####ebright.net
- DNS ASK ex####bright.net
- DNS ASK be####eexplain.net
- DNS ASK ex####inside.net
- DNS ASK ma####einstead.net
- DNS ASK pe####instead.net
- DNS ASK be####einside.net
- DNS ASK ei####appear.net
- DNS ASK en####hbusiness.net
- DNS ASK ei####business.net
- DNS ASK en####happear.net
- DNS ASK ex####explain.net
- DNS ASK be####einstead.net
- DNS ASK ex####instead.net
- DNS ASK fo####nexplain.net
- DNS ASK su####explain.net
- DNS ASK fo####ninstead.net
- DNS ASK su####bright.net
- DNS ASK fo####ninside.net
- DNS ASK su####inside.net
- DNS ASK fo####nbright.net
- DNS ASK pe####bright.net
- DNS ASK ma####eexplain.net
- DNS ASK pe####explain.net
- DNS ASK ma####ebright.net
- DNS ASK su####instead.net
- DNS ASK ma####einside.net
- DNS ASK pe####inside.net
- DNS ASK ci####ttemanner.net
- DNS ASK pi####emanner.net
- DNS ASK th####appear.net
- DNS ASK pi####eanother.net
- DNS ASK ci#####tebusiness.net
- DNS ASK pi####ebusiness.net
- DNS ASK ci#####teanother.net
- DNS ASK fi####another.net
- DNS ASK th####manner.net
- DNS ASK fi####manner.net
- DNS ASK th####another.net
- DNS ASK fi####appear.net
- DNS ASK th####business.net
- DNS ASK fi####business.net
- DNS ASK fa####appear.net
- DNS ASK ch####enappear.net
- DNS ASK fa####business.net
- DNS ASK ei####manner.net
- DNS ASK en####hanother.net
- DNS ASK ei####another.net
- DNS ASK en####hmanner.net
- DNS ASK ch####enmanner.net
- DNS ASK ci####tteappear.net
- DNS ASK pi####eappear.net
- DNS ASK fa####manner.net
- DNS ASK ch#####nbusiness.net
- DNS ASK fa####another.net
- DNS ASK ch####enanother.net