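Technical Information
Placeholders used below: <HKCU> is the HKEY_CURRENT_USER registry hive; <LS_APPDATA> is presumably the current user's local application-data directory.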
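Autorun persistence (a value under the per-user Run key, so the target executable starts at each logon of that user):
- [<HKCU>\Software\Microsoft\Windows\CurrentVersion\Run] 'Policy Volume Internet Microsoft' = '<LS_APPDATA>\nznamyvn\bacbdrj.exe'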
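Process launches (command lines as recorded; the first starts huufciao.exe with the path of bacbdrj.exe as its argument):
- '<LS_APPDATA>\nznamyvn\huufciao.exe' "<LS_APPDATA>\nznamyvn\bacbdrj.exe"
- '<LS_APPDATA>\nznamyvn\bacbdrj.exe'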
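File-system activity in the same folder (this copy does not show whether each entry was created, modified or deleted; the repeated paths presumably come from separate subsections of the original report):
- <LS_APPDATA>\nznamyvn\bacbdrj.mzbts
- <LS_APPDATA>\nznamyvn\huufciao.exe
- <LS_APPDATA>\nznamyvn\bacbdrj.exe
- <LS_APPDATA>\nznamyvn\huufciao.exe
- <LS_APPDATA>\nznamyvn\bacbdrj.exe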
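Outbound connections to TCP port 80 ('#' marks characters masked in the host names, so these entries are partial indicators rather than exact-match values):
- 'ma####olirst.com':80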
- 'bi##de.com':80
- 'ha##end.com':80
- 'mo##het.com':80
- 'ek##dar.com':80
- 'el##tow.com':80
- 'me##xe.com':80
- 'sw####lserits.com':80
- 'fe####lopazerns.com':80
- 'he####pcazers.com':80
- 'bi##rat.com':80
- 'fo###red.com':80
- 'va##xer.com':80
- 'lo##and.com':80
- 'ma###dpa.com':80
- 'jo###ret.com':80
- 'ne####titops.com':80
- 'go##tar.com':80
- 're##lt.com':80
- 'fa###erest.com':80
- 'el##rot.com':80
- 'op##red.com':80
- 'ha####pricezat.com':80
- 'bu###osasrl.com':80
- 'pu###inacee.com':80
- 'pa##dov.com':80
- 'po##ric.com':80
- 'bu###oriso.com':80
- 'ge####iroplop.com':80
- 'va##lt.com':80
- 'ji####olipop.com':80
- 'ba##ro.com':80
- 'ib##an.com':80
- 'gl###mec.com':80
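HTTP requests (every host is asked for the same path, /forum/search.php, with a masked query string beginning 'em'):
- ma####olirst.com/forum/search.php?em#############################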
- bi##de.com/forum/search.php?em#############################
- ha##end.com/forum/search.php?em#############################
- mo##het.com/forum/search.php?em#############################
- ek##dar.com/forum/search.php?em#############################
- el##tow.com/forum/search.php?em#############################
- me##xe.com/forum/search.php?em#############################
- sw####lserits.com/forum/search.php?em#############################
- fe####lopazerns.com/forum/search.php?em#############################
- he####pcazers.com/forum/search.php?em#############################
- bi##rat.com/forum/search.php?em#############################
- fo###red.com/forum/search.php?em#############################
- va##xer.com/forum/search.php?em#############################
- lo##and.com/forum/search.php?em#############################
- ma###dpa.com/forum/search.php?em#############################
- jo###ret.com/forum/search.php?em#############################
- ne####titops.com/forum/search.php?em#############################
- go##tar.com/forum/search.php?em#############################
- re##lt.com/forum/search.php?em#############################
- fa###erest.com/forum/search.php?em#############################
- el##rot.com/forum/search.php?em#############################
- op##red.com/forum/search.php?em#############################
- ha####pricezat.com/forum/search.php?em#############################
- bu###osasrl.com/forum/search.php?em#############################
- pu###inacee.com/forum/search.php?em#############################
- pa##dov.com/forum/search.php?em#############################
- po##ric.com/forum/search.php?em#############################
- bu###oriso.com/forum/search.php?em#############################
- ge####iroplop.com/forum/search.php?em#############################
- va##lt.com/forum/search.php?em#############################
- ji####olipop.com/forum/search.php?em#############################
- ba##ro.com/forum/search.php?em#############################
- ib##an.com/forum/search.php?em#############################
- gl###mec.com/forum/search.php?em#############################
DNS queries:
- DNS ASK mo##het.com
- DNS ASK ma####olirst.com
- DNS ASK fe####lopazerns.com
- DNS ASK ha##end.com
- DNS ASK sw####lserits.com
- DNS ASK ek##dar.com
- DNS ASK bi##de.com
- DNS ASK me##xe.com
- DNS ASK ma###dpa.com
- DNS ASK va##xer.com
- DNS ASK he####pcazers.com
- DNS ASK ge####serops.com (queried only; no matching port-80 connection or HTTP request is listed on this page)
- DNS ASK fo###red.com
- DNS ASK ne####titops.com
- DNS ASK lo##and.com
- DNS ASK bi##rat.com
- DNS ASK jo###ret.com
- DNS ASK el##tow.com
- DNS ASK go##tar.com
- DNS ASK re##lt.com
- DNS ASK fa###erest.com
- DNS ASK el##rot.com
- DNS ASK op##red.com
- DNS ASK ha####pricezat.com
- DNS ASK bu###osasrl.com
- DNS ASK pu###inacee.com
- DNS ASK pa##dov.com
- DNS ASK po##ric.com
- DNS ASK bu###oriso.com
- DNS ASK ge####iroplop.com
- DNS ASK va##lt.com
- DNS ASK ji####olipop.com
- DNS ASK ba##ro.com
- DNS ASK ib##an.com
- DNS ASK gl###mec.com
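Window lookups by class name (Shell_TrayWnd is the class of the Windows taskbar; '(null)' presumably means no window title was given):
- ClassName: 'Shell_TrayWnd' WindowName: '(null)'
- ClassName: 'Indicator' WindowName: '(null)'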