Technical Information
- [<HKLM>\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] 'Log Registry Health Credential Thread Intelligent' = 'C:\ydyjjretrmhzajq\vkzinincrxi.exe'
- [<HKLM>\SYSTEM\ControlSet001\Services\Solutions Parental Extensible Framework Peer] 'Start' = '00000002'
- 'C:\ydyjjretrmhzajq\fwmviwaywvep.exe' "c:\ydyjjretrmhzajq\vkzinincrxi.exe"
- 'C:\ydyjjretrmhzajq\vkzinincrxi.exe'
- 'C:\ydyjjretrmhzajq\nqg31huq3rppliv.exe'
- C:\ydyjjretrmhzajq\vkzinincrxi.exe
- C:\ydyjjretrmhzajq\fwmviwaywvep.exe
- C:\ydyjjretrmhzajq\shwbcdauppuf
- %WINDIR%\ydyjjretrmhzajq\vxmqfyfozj
- C:\ydyjjretrmhzajq\vxmqfyfozj
- C:\ydyjjretrmhzajq\nqg31huq3rppliv.exe
- C:\ydyjjretrmhzajq\fwmviwaywvep.exe
- C:\ydyjjretrmhzajq\vkzinincrxi.exe
- C:\ydyjjretrmhzajq\nqg31huq3rppliv.exe
- %WINDIR%\ydyjjretrmhzajq\vxmqfyfozj
- 'co####ebottle.net':80
- 'ch###bottle.net':80
- 'co####edivide.net':80
- 'ch###divide.net':80
- 'co####estream.net':80
- 'ch###stream.net':80
- 'co####enothing.net':80
- 'ch####othing.net':80
- 'of###stream.net':80
- 'of###divide.net':80
- 'al###bottle.net':80
- 'mi####stream.net':80
- 'al###divide.net':80
- 'of####othing.net':80
- 'al###stream.net':80
- 'of###bottle.net':80
- 'al####othing.net':80
- 'th###course.net':80
- 'cl###paint.net':80
- 'th###women.net':80
- 'cl###course.net':80
- 'th###clean.net':80
- 'we####rwomen.net':80
- 'th###paint.net':80
- 'cl###clean.net':80
- 'cl###women.net':80
- 'pr####tbottle.net':80
- 'th###bottle.net':80
- 'pr####tdivide.net':80
- 'th###divide.net':80
- 'pr####tstream.net':80
- 'th###stream.net':80
- 'pr####tnothing.net':80
- 'th####othing.net':80
- http://co####ebottle.net/index.php?me########
- http://ch###bottle.net/index.php?me########
- http://co####edivide.net/index.php?me########
- http://ch###divide.net/index.php?me########
- http://co####estream.net/index.php?me########
- http://ch###stream.net/index.php?me########
- http://co####enothing.net/index.php?me########
- http://ch####othing.net/index.php?me########
- http://of###stream.net/index.php?me########
- http://of###divide.net/index.php?me########
- http://al###bottle.net/index.php?me########
- http://mi####stream.net/index.php?me########
- http://al###divide.net/index.php?me########
- http://of####othing.net/index.php?me########
- http://al###stream.net/index.php?me########
- http://of###bottle.net/index.php?me########
- http://al####othing.net/index.php?me########
- http://th###course.net/index.php?me########
- http://cl###paint.net/index.php?me########
- http://th###women.net/index.php?me########
- http://cl###course.net/index.php?me########
- http://th###clean.net/index.php?me########
- http://we####rwomen.net/index.php?me########
- http://th###paint.net/index.php?me########
- http://cl###clean.net/index.php?me########
- http://cl###women.net/index.php?me########
- http://pr####tbottle.net/index.php?me########
- http://th###bottle.net/index.php?me########
- http://pr####tdivide.net/index.php?me########
- http://th###divide.net/index.php?me########
- http://pr####tstream.net/index.php?me########
- http://th###stream.net/index.php?me########
- http://pr####tnothing.net/index.php?me########
- http://th####othing.net/index.php?me########
- DNS ASK ch###divide.net
- DNS ASK co####ebottle.net
- DNS ASK of###stream.net
- DNS ASK co####edivide.net
- DNS ASK ch####othing.net
- DNS ASK co####estream.net
- DNS ASK ch###bottle.net
- DNS ASK co####enothing.net
- DNS ASK al###stream.net
- DNS ASK al###divide.net
- DNS ASK of###divide.net
- DNS ASK tw####stream.net
- DNS ASK mi####stream.net
- DNS ASK al####othing.net
- DNS ASK of####othing.net
- DNS ASK al###bottle.net
- DNS ASK of###bottle.net
- DNS ASK ch###stream.net
- DNS ASK th###course.net
- DNS ASK cl###paint.net
- DNS ASK th###women.net
- DNS ASK cl###course.net
- DNS ASK th###clean.net
- DNS ASK we####rwomen.net
- DNS ASK th###paint.net
- DNS ASK cl###clean.net
- DNS ASK cl###women.net
- DNS ASK pr####tbottle.net
- DNS ASK th###bottle.net
- DNS ASK pr####tdivide.net
- DNS ASK th###divide.net
- DNS ASK pr####tstream.net
- DNS ASK th###stream.net
- DNS ASK pr####tnothing.net
- DNS ASK th####othing.net
- ClassName: 'Shell_TrayWnd' WindowName: ''