Technical Information
- [<HKLM>\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] 'Upgrade Base Adapter Copy Diagnostic' = 'C:\shabriurins\sdtsuzjrwd.exe' (autorun entry: programs listed under this key are started at every user logon)
- [<HKLM>\SYSTEM\ControlSet001\Services\Player Trap Accounts Access Profile Problem] 'Start' = '00000002' (a Start value of 2 marks the service for automatic start at boot)
- 'C:\shabriurins\mocbxoy.exe' "c:\shabriurins\sdtsuzjrwd.exe"
- 'C:\shabriurins\sdtsuzjrwd.exe'
- 'C:\shabriurins\rfso2qq9v2dlkpvoi.exe'
- C:\shabriurins\sdtsuzjrwd.exe
- C:\shabriurins\mocbxoy.exe
- C:\shabriurins\ajc59s
- %WINDIR%\shabriurins\qlrsmetrikja
- C:\shabriurins\qlrsmetrikja
- C:\shabriurins\rfso2qq9v2dlkpvoi.exe
- C:\shabriurins\mocbxoy.exe
- C:\shabriurins\sdtsuzjrwd.exe
- C:\shabriurins\rfso2qq9v2dlkpvoi.exe
- %WINDIR%\shabriurins\qlrsmetrikja
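- Note on the network entries below: the '#' characters are not valid in host names, so each domain appears to be partially masked and cannot be matched literally. Where visible, the names pair a short stem with one of four endings (clothes, health, distant, separate), which is consistent with algorithmically generated names, so matching on that pattern and on the shared /index.php? request is likely to be more useful than matching individual names.
- 'be####clothes.net':80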
- 'ga####health.net':80
- 'be####health.net':80
- 'ga####clothes.net':80
- 'fl####eparate.net':80
- 'ga####distant.net':80
- 'be####distant.net':80
- 'ga####separate.net':80
- 'st####clothes.net':80
- 'tr###health.net':80
- 'st####health.net':80
- 'tr####lothes.net':80
- 'be####separate.net':80
- 'tr####istant.net':80
- 'st####distant.net':80
- 'se####health.net':80
- 'qu###health.net':80
- 'se####separate.net':80
- 'qu####lothes.net':80
- 'se####distant.net':80
- 'qu####istant.net':80
- 'se####clothes.net':80
- 'qu####eparate.net':80
- 'br###health.net':80
- 'fl###health.net':80
- 'br####eparate.net':80
- 'fl####lothes.net':80
- 'br####istant.net':80
- 'fl####istant.net':80
- 'br####lothes.net':80
- 'tr####eparate.net':80
- 'de####clothes.net':80
- 'ni####lothes.net':80
- 'de####health.net':80
- 'ni####istant.net':80
- 'ca####nseparate.net':80
- 'la####eparate.net':80
- 'de####distant.net':80
- 'ni###health.net':80
- 'do####lothes.net':80
- 'ag####tclothes.net':80
- 'do###health.net':80
- 'ag####tdistant.net':80
- 'de####separate.net':80
- 'ni####eparate.net':80
- 'do####istant.net':80
- 're####clothes.net':80
- 'el####ichealth.net':80
- 're####health.net':80
- 'el####icclothes.net':80
- 'st####separate.net':80
- 'el####icdistant.net':80
- 're####distant.net':80
- 'el#####cseparate.net':80
- 'la####lothes.net':80
- 'ca####nhealth.net':80
- 'la###health.net':80
- 'ca####nclothes.net':80
- 're####separate.net':80
- 'ca####ndistant.net':80
- 'la####istant.net':80
- http://be####clothes.net/index.php?me########
- http://ga####health.net/index.php?me########
- http://be####health.net/index.php?me########
- http://ga####clothes.net/index.php?me########
- http://fl####eparate.net/index.php?me########
- http://ga####distant.net/index.php?me########
- http://be####distant.net/index.php?me########
- http://ga####separate.net/index.php?me########
- http://st####clothes.net/index.php?me########
- http://tr###health.net/index.php?me########
- http://st####health.net/index.php?me########
- http://tr####lothes.net/index.php?me########
- http://be####separate.net/index.php?me########
- http://tr####istant.net/index.php?me########
- http://st####distant.net/index.php?me########
- http://se####health.net/index.php?me########
- http://qu###health.net/index.php?me########
- http://se####separate.net/index.php?me########
- http://qu####lothes.net/index.php?me########
- http://se####distant.net/index.php?me########
- http://qu####istant.net/index.php?me########
- http://se####clothes.net/index.php?me########
- http://qu####eparate.net/index.php?me########
- http://br###health.net/index.php?me########
- http://fl###health.net/index.php?me########
- http://br####eparate.net/index.php?me########
- http://fl####lothes.net/index.php?me########
- http://br####istant.net/index.php?me########
- http://fl####istant.net/index.php?me########
- http://br####lothes.net/index.php?me########
- http://tr####eparate.net/index.php?me########
- http://de####clothes.net/index.php?me########
- http://ni####lothes.net/index.php?me########
- http://de####health.net/index.php?me########
- http://ni####istant.net/index.php?me########
- http://ca####nseparate.net/index.php?me########
- http://la####eparate.net/index.php?me########
- http://de####distant.net/index.php?me########
- http://ni###health.net/index.php?me########
- http://do####lothes.net/index.php?me########
- http://ag####tclothes.net/index.php?me########
- http://do###health.net/index.php?me########
- http://ag####tdistant.net/index.php?me########
- http://de####separate.net/index.php?me########
- http://ni####eparate.net/index.php?me########
- http://do####istant.net/index.php?me########
- http://re####clothes.net/index.php?me########
- http://el####ichealth.net/index.php?me########
- http://re####health.net/index.php?me########
- http://el####icclothes.net/index.php?me########
- http://st####separate.net/index.php?me########
- http://el####icdistant.net/index.php?me########
- http://re####distant.net/index.php?me########
- http://el#####cseparate.net/index.php?me########
- http://la####lothes.net/index.php?me########
- http://ca####nhealth.net/index.php?me########
- http://la###health.net/index.php?me########
- http://ca####nclothes.net/index.php?me########
- http://re####separate.net/index.php?me########
- http://ca####ndistant.net/index.php?me########
- http://la####istant.net/index.php?me########
- DNS ASK be####clothes.net
- DNS ASK ga####health.net
- DNS ASK be####health.net
- DNS ASK ga####clothes.net
- DNS ASK fl####eparate.net
- DNS ASK ga####distant.net
- DNS ASK be####distant.net
- DNS ASK ga####separate.net
- DNS ASK st####clothes.net
- DNS ASK tr###health.net
- DNS ASK st####health.net
- DNS ASK tr####lothes.net
- DNS ASK be####separate.net
- DNS ASK tr####istant.net
- DNS ASK st####distant.net
- DNS ASK se####health.net
- DNS ASK qu###health.net
- DNS ASK se####separate.net
- DNS ASK qu####lothes.net
- DNS ASK se####distant.net
- DNS ASK qu####istant.net
- DNS ASK se####clothes.net
- DNS ASK qu####eparate.net
- DNS ASK br###health.net
- DNS ASK fl###health.net
- DNS ASK br####eparate.net
- DNS ASK fl####lothes.net
- DNS ASK br####istant.net
- DNS ASK fl####istant.net
- DNS ASK br####lothes.net
- DNS ASK tr####eparate.net
- DNS ASK de####clothes.net
- DNS ASK ni####lothes.net
- DNS ASK de####health.net
- DNS ASK ni####istant.net
- DNS ASK ca####nseparate.net
- DNS ASK la####eparate.net
- DNS ASK de####distant.net
- DNS ASK ni###health.net
- DNS ASK do####lothes.net
- DNS ASK ag####tclothes.net
- DNS ASK do###health.net
- DNS ASK ag####tdistant.net
- DNS ASK de####separate.net
- DNS ASK ni####eparate.net
- DNS ASK do####istant.net
- DNS ASK re####clothes.net
- DNS ASK el####ichealth.net
- DNS ASK re####health.net
- DNS ASK el####icclothes.net
- DNS ASK st####separate.net
- DNS ASK el####icdistant.net
- DNS ASK re####distant.net
- DNS ASK el#####cseparate.net
- DNS ASK la####lothes.net
- DNS ASK ca####nhealth.net
- DNS ASK la###health.net
- DNS ASK ca####nclothes.net
- DNS ASK re####separate.net
- DNS ASK ca####ndistant.net
- DNS ASK la####istant.net
- ClassName: 'Shell_TrayWnd' WindowName: '' (Shell_TrayWnd is the window class of the Windows taskbar)