Technical Information
Registry changes (both entries point at the same executable; a service 'Start' value of 2 is the automatic start type, so the file is launched again after a restart):
- [<HKLM>\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] 'Credential Isolation Shell SPP Now Proxy Netlogon' = 'C:\onujzuyh\ysh3xrdwbx.exe'
- [<HKLM>\SYSTEM\ControlSet001\Services\Auto Parental Redirector Video] 'Start' = '00000002'
- [<HKLM>\SYSTEM\ControlSet001\Services\Auto Parental Redirector Video] 'ImagePath' = 'C:\onujzuyh\ysh3xrdwbx.exe'
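File-system paths (the action taken on each path is not shown in this listing, and several paths repeat; the same directory name appears under both %WINDIR% and C:\):
- %WINDIR%\onujzuyh\lq5ihk90idsb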
- C:\onujzuyh\lq5ihk90idsb
- C:\onujzuyh\wpfnfy1q36owybfgeop4x.exe
- C:\onujzuyh\ysh3xrdwbx.exe
- C:\onujzuyh\pdvngch.exe
- C:\onujzuyh\trxbjda1rr1
- C:\onujzuyh\ysh3xrdwbx.exe
- C:\onujzuyh\pdvngch.exe
- %WINDIR%\onujzuyh\lq5ihk90idsb
- C:\onujzuyh\wpfnfy1q36owybfgeop4x.exe
- %WINDIR%\onujzuyh\lq5ihk90idsb
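Hosts and ports (hostnames are partially masked with '#####' in this listing, so they cannot be matched verbatim against DNS or proxy logs; the visible fragments look like names combined from a small word list, which would be consistent with a dictionary-based domain generation algorithm):
- 'kr#####leunderhill.net':80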
- 'sh#####lepatterson.net':80
- 'gr#####orblackwood.net':80
- 'sh#####leblackwood.net':80
- 'gr#####orsherburne.net':80
- 'sh#####lesherburne.net':80
- 'br#####iaunderhill.net':80
- 'ga#####launderhill.net':80
- 'br#####iapatterson.net':80
- 'ga#####lapatterson.net':80
- 'br#####iablackwood.net':80
- 'ga#####lablackwood.net':80
- 'br#####iasherburne.net':80
- 'ga#####lasherburne.net':80
- 'an#####launderhill.net':80
- 'ga#####leunderhill.net':80
- 'an#####lapatterson.net':80
- 'ga#####lepatterson.net':80
- 'an#####lablackwood.net':80
- 'ga#####leblackwood.net':80
- 'an#####lasherburne.net':80
- 'ga#####lesherburne.net':80
- 'si#####erdickinson.net':80
- 'gr#####ledickinson.net':80
- 'si#####erwakefield.net':80
- 'gr#####lewakefield.net':80
- 'si#####ernicholson.net':80
- 'gr#####lenicholson.net':80
- 'si#####ermartinson.net':80
- 'gr#####lemartinson.net':80
- 'gr#####orpatterson.net':80
- 'he#####ondickinson.net':80
- 'sh#####leunderhill.net':80
- 'ge#####nesherburne.net':80
- 'he#####onpatterson.net':80
- 'kr#####lepatterson.net':80
- 'he#####onblackwood.net':80
- 'kr#####leblackwood.net':80
- 'he#####onsherburne.net':80
- 'kr#####lesherburne.net':80
- 'th#####naunderhill.net':80
- 'ce#####neunderhill.net':80
- 'th#####napatterson.net':80
- 'ce#####nepatterson.net':80
- 'th#####nablackwood.net':80
- 'ce#####neblackwood.net':80
- 'th#####nasherburne.net':80
- 'ce#####nesherburne.net':80
- 'je#####onunderhill.net':80
- 'br#####teunderhill.net':80
- 'je#####onpatterson.net':80
- 'br#####tepatterson.net':80
- 'je#####onblackwood.net':80
- 'br#####teblackwood.net':80
- 'je#####onsherburne.net':80
- 'br#####tesherburne.net':80
- 'he#####taunderhill.net':80
- 'ge#####neunderhill.net':80
- 'he#####tapatterson.net':80
- 'ge#####nepatterson.net':80
- 'he#####tablackwood.net':80
- 'ge#####neblackwood.net':80
- 'he#####tasherburne.net':80
- 'gr#####orunderhill.net':80
- 'kr#####ledickinson.net':80
HTTP URLs (all plain HTTP to /index.php on the masked hosts listed above):
- http://kr#####leunderhill.net/index.php
- http://sh#####lepatterson.net/index.php
- http://gr#####orblackwood.net/index.php
- http://sh#####leblackwood.net/index.php
- http://gr#####orsherburne.net/index.php
- http://sh#####lesherburne.net/index.php
- http://br#####iaunderhill.net/index.php
- http://ga#####launderhill.net/index.php
- http://br#####iapatterson.net/index.php
- http://ga#####lapatterson.net/index.php
- http://br#####iablackwood.net/index.php
- http://ga#####lablackwood.net/index.php
- http://br#####iasherburne.net/index.php
- http://ga#####lasherburne.net/index.php
- http://an#####launderhill.net/index.php
- http://ga#####leunderhill.net/index.php
- http://an#####lapatterson.net/index.php
- http://ga#####lepatterson.net/index.php
- http://an#####lablackwood.net/index.php
- http://ga#####leblackwood.net/index.php
- http://an#####lasherburne.net/index.php
- http://ga#####lesherburne.net/index.php
- http://si#####erdickinson.net/index.php
- http://gr#####ledickinson.net/index.php
- http://si#####erwakefield.net/index.php
- http://gr#####lewakefield.net/index.php
- http://si#####ernicholson.net/index.php
- http://gr#####lenicholson.net/index.php
- http://si#####ermartinson.net/index.php
- http://gr#####lemartinson.net/index.php
- http://gr#####orpatterson.net/index.php
- http://he#####ondickinson.net/index.php
- http://sh#####leunderhill.net/index.php
- http://ge#####nesherburne.net/index.php
- http://he#####onpatterson.net/index.php
- http://kr#####lepatterson.net/index.php
- http://he#####onblackwood.net/index.php
- http://kr#####leblackwood.net/index.php
- http://he#####onsherburne.net/index.php
- http://kr#####lesherburne.net/index.php
- http://th#####naunderhill.net/index.php
- http://ce#####neunderhill.net/index.php
- http://th#####napatterson.net/index.php
- http://ce#####nepatterson.net/index.php
- http://th#####nablackwood.net/index.php
- http://ce#####neblackwood.net/index.php
- http://th#####nasherburne.net/index.php
- http://ce#####nesherburne.net/index.php
- http://je#####onunderhill.net/index.php
- http://br#####teunderhill.net/index.php
- http://je#####onpatterson.net/index.php
- http://br#####tepatterson.net/index.php
- http://je#####onblackwood.net/index.php
- http://br#####teblackwood.net/index.php
- http://je#####onsherburne.net/index.php
- http://br#####tesherburne.net/index.php
- http://he#####taunderhill.net/index.php
- http://ge#####neunderhill.net/index.php
- http://he#####tapatterson.net/index.php
- http://ge#####nepatterson.net/index.php
- http://he#####tablackwood.net/index.php
- http://ge#####neblackwood.net/index.php
- http://he#####tasherburne.net/index.php
- http://gr#####orunderhill.net/index.php
- http://kr#####ledickinson.net/index.php
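DNS lookups ('DNS ASK' entries; the last name in this list does not appear among the hosts or URLs above):
- DNS ASK kr#####leunderhill.net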
- DNS ASK sh#####leblackwood.net
- DNS ASK gr#####orsherburne.net
- DNS ASK sh#####lesherburne.net
- DNS ASK br#####iaunderhill.net
- DNS ASK ga#####launderhill.net
- DNS ASK br#####iapatterson.net
- DNS ASK ga#####lapatterson.net
- DNS ASK br#####iablackwood.net
- DNS ASK ga#####lablackwood.net
- DNS ASK br#####iasherburne.net
- DNS ASK ga#####lasherburne.net
- DNS ASK an#####launderhill.net
- DNS ASK ga#####leunderhill.net
- DNS ASK br#####teunderhill.net
- DNS ASK an#####lapatterson.net
- DNS ASK an#####lablackwood.net
- DNS ASK ga#####leblackwood.net
- DNS ASK an#####lasherburne.net
- DNS ASK ga#####lesherburne.net
- DNS ASK si#####erdickinson.net
- DNS ASK gr#####ledickinson.net
- DNS ASK si#####erwakefield.net
- DNS ASK gr#####lewakefield.net
- DNS ASK si#####ernicholson.net
- DNS ASK gr#####lenicholson.net
- DNS ASK si#####ermartinson.net
- DNS ASK gr#####lemartinson.net
- DNS ASK he#####ondickinson.net
- DNS ASK sh#####lepatterson.net
- DNS ASK gr#####orblackwood.net
- DNS ASK gr#####orpatterson.net
- DNS ASK sh#####leunderhill.net
- DNS ASK gr#####orunderhill.net
- DNS ASK kr#####lepatterson.net
- DNS ASK he#####onblackwood.net
- DNS ASK kr#####leblackwood.net
- DNS ASK he#####onsherburne.net
- DNS ASK kr#####lesherburne.net
- DNS ASK th#####naunderhill.net
- DNS ASK ce#####neunderhill.net
- DNS ASK th#####napatterson.net
- DNS ASK ce#####nepatterson.net
- DNS ASK th#####nablackwood.net
- DNS ASK ce#####neblackwood.net
- DNS ASK th#####nasherburne.net
- DNS ASK ce#####nesherburne.net
- DNS ASK kr#####ledickinson.net
- DNS ASK ga#####lepatterson.net
- DNS ASK je#####onunderhill.net
- DNS ASK br#####tepatterson.net
- DNS ASK je#####onblackwood.net
- DNS ASK br#####teblackwood.net
- DNS ASK je#####onsherburne.net
- DNS ASK br#####tesherburne.net
- DNS ASK he#####taunderhill.net
- DNS ASK ge#####neunderhill.net
- DNS ASK he#####tapatterson.net
- DNS ASK ge#####nepatterson.net
- DNS ASK he#####tablackwood.net
- DNS ASK ge#####neblackwood.net
- DNS ASK he#####tasherburne.net
- DNS ASK ge#####nesherburne.net
- DNS ASK he#####onpatterson.net
- DNS ASK je#####onpatterson.net
- DNS ASK he#####onwakefield.net
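Command lines (apparently processes started by the sample; in the last entry the second quoted path appears to be passed as an argument):
- 'C:\onujzuyh\wpfnfy1q36owybfgeop4x.exe'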
- 'C:\onujzuyh\ysh3xrdwbx.exe'
- 'C:\onujzuyh\pdvngch.exe' "c:\onujzuyh\ysh3xrdwbx.exe"