Technical Information
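Note: the first entry below is a value under the HKLM Run key, so the listed executable is launched at every logon. The second sets a service 'Start' value of 2, which is the automatic start type; together they give the sample two independent persistence points to check during clean-up.
- [<HKLM>\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] 'Bus Telephony Superfetch Card Task Tablet' = 'C:\ghfbastazdcag\fxoaqgi.exe'
- [<HKLM>\SYSTEM\ControlSet001\Services\Firewall Access DLL Call Filtering] 'Start' = '00000002'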
- 'C:\ghfbastazdcag\qowxszdmsc.exe' "c:\ghfbastazdcag\fxoaqgi.exe"
- 'C:\ghfbastazdcag\fxoaqgi.exe'
- 'C:\ghfbastazdcag\pw2mouvzrtogkyjgfx.exe'
- C:\ghfbastazdcag\fxoaqgi.exe
- C:\ghfbastazdcag\qowxszdmsc.exe
- C:\ghfbastazdcag\cyttiu9k
- %WINDIR%\ghfbastazdcag\olawyganffso
- C:\ghfbastazdcag\olawyganffso
- C:\ghfbastazdcag\pw2mouvzrtogkyjgfx.exe
- C:\ghfbastazdcag\qowxszdmsc.exe
- C:\ghfbastazdcag\fxoaqgi.exe
- C:\ghfbastazdcag\pw2mouvzrtogkyjgfx.exe
- %WINDIR%\ghfbastazdcag\olawyganffso
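Note: the '#' characters appear to mask part of each host name, so the names in this listing are partial and cannot be matched literally. Largely the same masked names recur in the HTTP and DNS entries further down.
- 'su####behind.net':80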
- 'wi####butter.net':80
- 'wi####behind.net':80
- 'wi###nbroad.net':80
- 'su###rbroad.net':80
- 'ef###tbroad.net':80
- 'th####hbroad.net':80
- 'th#####understand.net':80
- 'su####butter.net':80
- 'ef#####nderstand.net':80
- 'th###broad.net':80
- 'ch###behind.net':80
- 'ch###broad.net':80
- 'ch####nderstand.net':80
- 'th####nderstand.net':80
- 'wi#####nderstand.net':80
- 'su#####nderstand.net':80
- 'th###butter.net':80
- 'th###behind.net':80
- 'ch###butter.net':80
- 're#####runderstand.net':80
- 'wo###broad.net':80
- 'wo####nderstand.net':80
- 'fo####butter.net':80
- 'in####sebutter.net':80
- 'wo###butter.net':80
- 're####erbutter.net':80
- 're####erbehind.net':80
- 're####erbroad.net':80
- 'wo###behind.net':80
- 'th####hbutter.net':80
- 'fo#####nderstand.net':80
- 'ef####butter.net':80
- 'ef####behind.net':80
- 'th####hbehind.net':80
- 'fo####behind.net':80
- 'in####sebehind.net':80
- 'in####sebroad.net':80
- 'in#####eunderstand.net':80
- 'fo###tbroad.net':80
- 'be####butter.net':80
- 'va####smayor.net':80
- 're###nmayor.net':80
- 're####perfect.net':80
- 're###nheart.net':80
- 'va####sperfect.net':80
- 'hu#####understand.net':80
- 'jo####ybroad.net':80
- 'jo#####understand.net':80
- 'va####sbattle.net':80
- 're####battle.net':80
- 'he####erfect.net':80
- 'ge####perfect.net':80
- 'ge###eheart.net':80
- 'he####battle.net':80
- 'he###heart.net':80
- 'ge####battle.net':80
- 'va####sheart.net':80
- 'he###battle.net':80
- 'he###mayor.net':80
- 'ge###emayor.net':80
- 'ri#####nderstand.net':80
- 'be#####nderstand.net':80
- 'li####butter.net':80
- 'li####behind.net':80
- 'de####ybutter.net':80
- 'be####behind.net':80
- 'ri####butter.net':80
- 'ri####behind.net':80
- 'ri###nbroad.net':80
- 'be###gbroad.net':80
- 'jo####ybutter.net':80
- 'hu####dbutter.net':80
- 'hu####dbehind.net':80
- 'hu####dbroad.net':80
- 'jo####ybehind.net':80
- 'li###ebroad.net':80
- 'de####ybehind.net':80
- 'de####ybroad.net':80
- 'de#####understand.net':80
- 'li#####nderstand.net':80
- http://su####behind.net/index.php
- http://wi####butter.net/index.php
- http://wi####behind.net/index.php
- http://wi###nbroad.net/index.php
- http://su###rbroad.net/index.php
- http://ef###tbroad.net/index.php
- http://th####hbroad.net/index.php
- http://th#####understand.net/index.php
- http://su####butter.net/index.php
- http://ef#####nderstand.net/index.php
- http://th###broad.net/index.php
- http://ch###behind.net/index.php
- http://ch###broad.net/index.php
- http://ch####nderstand.net/index.php
- http://th####nderstand.net/index.php
- http://wi#####nderstand.net/index.php
- http://su#####nderstand.net/index.php
- http://th###butter.net/index.php
- http://th###behind.net/index.php
- http://ch###butter.net/index.php
- http://re#####runderstand.net/index.php
- http://wo###broad.net/index.php
- http://wo####nderstand.net/index.php
- http://fo####butter.net/index.php
- http://in####sebutter.net/index.php
- http://wo###butter.net/index.php
- http://re####erbutter.net/index.php
- http://re####erbehind.net/index.php
- http://re####erbroad.net/index.php
- http://wo###behind.net/index.php
- http://th####hbutter.net/index.php
- http://fo#####nderstand.net/index.php
- http://ef####butter.net/index.php
- http://ef####behind.net/index.php
- http://th####hbehind.net/index.php
- http://fo####behind.net/index.php
- http://in####sebehind.net/index.php
- http://in####sebroad.net/index.php
- http://in#####eunderstand.net/index.php
- http://fo###tbroad.net/index.php
- http://be####butter.net/index.php
- http://va####smayor.net/index.php
- http://re###nmayor.net/index.php
- http://re####perfect.net/index.php
- http://re###nheart.net/index.php
- http://va####sperfect.net/index.php
- http://hu#####understand.net/index.php
- http://jo####ybroad.net/index.php
- http://jo#####understand.net/index.php
- http://va####sbattle.net/index.php
- http://re####battle.net/index.php
- http://he####erfect.net/index.php
- http://ge####perfect.net/index.php
- http://ge###eheart.net/index.php
- http://he####battle.net/index.php
- http://he###heart.net/index.php
- http://ge####battle.net/index.php
- http://va####sheart.net/index.php
- http://he###battle.net/index.php
- http://he###mayor.net/index.php
- http://ge###emayor.net/index.php
- http://ri#####nderstand.net/index.php
- http://be#####nderstand.net/index.php
- http://li####butter.net/index.php
- http://li####behind.net/index.php
- http://de####ybutter.net/index.php
- http://be####behind.net/index.php
- http://ri####butter.net/index.php
- http://ri####behind.net/index.php
- http://ri###nbroad.net/index.php
- http://be###gbroad.net/index.php
- http://jo####ybutter.net/index.php
- http://hu####dbutter.net/index.php
- http://hu####dbehind.net/index.php
- http://hu####dbroad.net/index.php
- http://jo####ybehind.net/index.php
- http://li###ebroad.net/index.php
- http://de####ybehind.net/index.php
- http://de####ybroad.net/index.php
- http://de#####understand.net/index.php
- http://li#####nderstand.net/index.php
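Note: the 'DNS ASK' entries are DNS queries for the hosts listed above. The names share a small set of word-like endings (behind, butter, broad, understand, mayor, perfect, heart, battle, dried), which is consistent with algorithmically generated domains; detection is therefore better keyed on the query pattern and the host artifacts listed earlier than on any single domain.
- DNS ASK su####behind.net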
- DNS ASK wi####butter.net
- DNS ASK wi####behind.net
- DNS ASK wi###nbroad.net
- DNS ASK su###rbroad.net
- DNS ASK ef###tbroad.net
- DNS ASK th####hbroad.net
- DNS ASK th#####understand.net
- DNS ASK su####butter.net
- DNS ASK ef#####nderstand.net
- DNS ASK th###broad.net
- DNS ASK ch###behind.net
- DNS ASK ch###broad.net
- DNS ASK ch####nderstand.net
- DNS ASK th####nderstand.net
- DNS ASK wi#####nderstand.net
- DNS ASK su#####nderstand.net
- DNS ASK th###butter.net
- DNS ASK th###behind.net
- DNS ASK ch###butter.net
- DNS ASK ef####behind.net
- DNS ASK wo###broad.net
- DNS ASK re####erbroad.net
- DNS ASK re#####runderstand.net
- DNS ASK in####sebutter.net
- DNS ASK wo####nderstand.net
- DNS ASK re####erbutter.net
- DNS ASK jo####ydried.net
- DNS ASK wo###butter.net
- DNS ASK wo###behind.net
- DNS ASK re####erbehind.net
- DNS ASK fo#####nderstand.net
- DNS ASK in#####eunderstand.net
- DNS ASK th####hbutter.net
- DNS ASK th####hbehind.net
- DNS ASK ef####butter.net
- DNS ASK in####sebehind.net
- DNS ASK fo####butter.net
- DNS ASK fo####behind.net
- DNS ASK fo###tbroad.net
- DNS ASK in####sebroad.net
- DNS ASK va####smayor.net
- DNS ASK re###nmayor.net
- DNS ASK re####perfect.net
- DNS ASK re###nheart.net
- DNS ASK va####sperfect.net
- DNS ASK hu#####understand.net
- DNS ASK jo####ybroad.net
- DNS ASK jo#####understand.net
- DNS ASK va####sbattle.net
- DNS ASK re####battle.net
- DNS ASK he####erfect.net
- DNS ASK ge####perfect.net
- DNS ASK ge###eheart.net
- DNS ASK he####battle.net
- DNS ASK he###heart.net
- DNS ASK ge####battle.net
- DNS ASK va####sheart.net
- DNS ASK he###battle.net
- DNS ASK he###mayor.net
- DNS ASK ge###emayor.net
- DNS ASK hu####dbroad.net
- DNS ASK be#####nderstand.net
- DNS ASK ri###nbroad.net
- DNS ASK ri#####nderstand.net
- DNS ASK de####ybutter.net
- DNS ASK li####butter.net
- DNS ASK ri####butter.net
- DNS ASK be####butter.net
- DNS ASK be####behind.net
- DNS ASK be###gbroad.net
- DNS ASK ri####behind.net
- DNS ASK hu####dbutter.net
- DNS ASK de#####understand.net
- DNS ASK jo####ybutter.net
- DNS ASK jo####ybehind.net
- DNS ASK hu####dbehind.net
- DNS ASK de####ybehind.net
- DNS ASK li####behind.net
- DNS ASK li###ebroad.net
- DNS ASK li#####nderstand.net
- DNS ASK de####ybroad.net
- ClassName: 'Shell_TrayWnd' WindowName: '' (Shell_TrayWnd is the window class of the Windows taskbar)