Technical Information
- [<HKLM>\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] 'Security Filtering Counter WebClient WinHTTP IKE' = 'C:\qjesgiaox\hfupnlix.exe' (machine-wide Run key: the listed executable is launched at every user logon)
- [<HKLM>\SYSTEM\ControlSet001\Services\Driver Microsoft Defragmenter Internet] 'ImagePath' = 'C:\qjesgiaox\hfupnlix.exe'
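- [<HKLM>\SYSTEM\ControlSet001\Services\Driver Microsoft Defragmenter Internet] 'Start' = '00000002' (Start value 2 is SERVICE_AUTO_START, so the service is started automatically at boot; on a live system the same key is normally also visible under CurrentControlSet)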
- C:\qjesgiaox\hfupnlix.exe
- C:\qjesgiaox\phxwvsdu.exe
- C:\qjesgiaox\xgwvov3yj
- %WINDIR%\qjesgiaox\vgajbfe
- C:\qjesgiaox\vgajbfe
- C:\qjesgiaox\nc39e4lgjsbitqfdb.exe
- C:\qjesgiaox\phxwvsdu.exe
- C:\qjesgiaox\hfupnlix.exe
- C:\qjesgiaox\nc39e4lgjsbitqfdb.exe
- %WINDIR%\qjesgiaox\vgajbfe
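- Note: '#' is not a valid host-name character and presumably masks part of each name in this listing, so the entries below are partial patterns rather than complete host names.
- 'ch###before.net':80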
- 'th###device.net':80
- 'ch###device.net':80
- 'th###before.net':80
- 'wi####language.net':80
- 'su####settle.net':80
- 'wi####settle.net':80
- 'th####anguage.net':80
- 'ri####before.net':80
- 'be####device.net':80
- 'ri####device.net':80
- 'be####before.net':80
- 'ch####anguage.net':80
- 'th###settle.net':80
- 'ch###settle.net':80
- 'su####language.net':80
- 'ef####before.net':80
- 'th####hdevice.net':80
- 'ef####device.net':80
- 'th####hbefore.net':80
- 'fo####language.net':80
- 'in####sesettle.net':80
- 'fo####settle.net':80
- 'th####hlanguage.net':80
- 'wi####before.net':80
- 'su####device.net':80
- 'wi####device.net':80
- 'su####before.net':80
- 'ef####language.net':80
- 'th####hsettle.net':80
- 'ef####settle.net':80
- 'be####language.net':80
- 'wo###basket.net':80
- 're####ercontain.net':80
- 'wo####ontain.net':80
- 're####erbasket.net':80
- 'jo####ylanguage.net':80
- 'hu####dsettle.net':80
- 'jo####ysettle.net':80
- 're####erbecame.net':80
- 'fo####basket.net':80
- 'in####secontain.net':80
- 'fo####contain.net':80
- 'in####sebasket.net':80
- 'wo###became.net':80
- 're#####rindustry.net':80
- 'wo####ndustry.net':80
- 'hu####dlanguage.net':80
- 'de####ybefore.net':80
- 'li####device.net':80
- 'de####ydevice.net':80
- 'li####before.net':80
- 'ri####language.net':80
- 'be####settle.net':80
- 'ri####settle.net':80
- 'li####language.net':80
- 'jo####ybefore.net':80
- 'hu####ddevice.net':80
- 'jo####ydevice.net':80
- 'hu####dbefore.net':80
- 'de####ylanguage.net':80
- 'li####settle.net':80
- 'de####ysettle.net':80
- http://ch###before.net/index.php
- http://th###device.net/index.php
- http://ch###device.net/index.php
- http://th###before.net/index.php
- http://wi####language.net/index.php
- http://su####settle.net/index.php
- http://wi####settle.net/index.php
- http://th####anguage.net/index.php
- http://ri####before.net/index.php
- http://be####device.net/index.php
- http://ri####device.net/index.php
- http://be####before.net/index.php
- http://ch####anguage.net/index.php
- http://th###settle.net/index.php
- http://ch###settle.net/index.php
- http://su####language.net/index.php
- http://ef####before.net/index.php
- http://th####hdevice.net/index.php
- http://ef####device.net/index.php
- http://th####hbefore.net/index.php
- http://fo####language.net/index.php
- http://in####sesettle.net/index.php
- http://fo####settle.net/index.php
- http://th####hlanguage.net/index.php
- http://wi####before.net/index.php
- http://su####device.net/index.php
- http://wi####device.net/index.php
- http://su####before.net/index.php
- http://ef####language.net/index.php
- http://th####hsettle.net/index.php
- http://ef####settle.net/index.php
- http://be####language.net/index.php
- http://wo###basket.net/index.php
- http://re####ercontain.net/index.php
- http://wo####ontain.net/index.php
- http://re####erbasket.net/index.php
- http://jo####ylanguage.net/index.php
- http://hu####dsettle.net/index.php
- http://jo####ysettle.net/index.php
- http://re####erbecame.net/index.php
- http://fo####basket.net/index.php
- http://in####secontain.net/index.php
- http://fo####contain.net/index.php
- http://in####sebasket.net/index.php
- http://wo###became.net/index.php
- http://re#####rindustry.net/index.php
- http://wo####ndustry.net/index.php
- http://hu####dlanguage.net/index.php
- http://de####ybefore.net/index.php
- http://li####device.net/index.php
- http://de####ydevice.net/index.php
- http://li####before.net/index.php
- http://ri####language.net/index.php
- http://be####settle.net/index.php
- http://ri####settle.net/index.php
- http://li####language.net/index.php
- http://jo####ybefore.net/index.php
- http://hu####ddevice.net/index.php
- http://jo####ydevice.net/index.php
- http://hu####dbefore.net/index.php
- http://de####ylanguage.net/index.php
- http://li####settle.net/index.php
- http://de####ysettle.net/index.php
- DNS ASK ch###before.net
- DNS ASK th###before.net
- DNS ASK ch###device.net
- DNS ASK th###device.net
- DNS ASK wi####language.net
- DNS ASK su####language.net
- DNS ASK wi####settle.net
- DNS ASK su####settle.net
- DNS ASK ri####before.net
- DNS ASK be####before.net
- DNS ASK ri####device.net
- DNS ASK be####device.net
- DNS ASK ch####anguage.net
- DNS ASK th####anguage.net
- DNS ASK ch###settle.net
- DNS ASK th###settle.net
- DNS ASK ef####before.net
- DNS ASK th####hbefore.net
- DNS ASK ef####device.net
- DNS ASK th####hdevice.net
- DNS ASK fo####language.net
- DNS ASK in#####elanguage.net
- DNS ASK fo####settle.net
- DNS ASK in####sesettle.net
- DNS ASK wi####before.net
- DNS ASK su####before.net
- DNS ASK wi####device.net
- DNS ASK su####device.net
- DNS ASK ef####language.net
- DNS ASK th####hlanguage.net
- DNS ASK ef####settle.net
- DNS ASK th####hsettle.net
- DNS ASK wo###basket.net
- DNS ASK re####erbasket.net
- DNS ASK wo####ontain.net
- DNS ASK re####ercontain.net
- DNS ASK jo####ylanguage.net
- DNS ASK hu####dlanguage.net
- DNS ASK jo####ysettle.net
- DNS ASK hu####dsettle.net
- DNS ASK fo####basket.net
- DNS ASK in####sebasket.net
- DNS ASK fo####contain.net
- DNS ASK in####secontain.net
- DNS ASK wo###became.net
- DNS ASK re####erbecame.net
- DNS ASK wo####ndustry.net
- DNS ASK re#####rindustry.net
- DNS ASK de####ybefore.net
- DNS ASK li####before.net
- DNS ASK de####ydevice.net
- DNS ASK li####device.net
- DNS ASK ri####language.net
- DNS ASK be####language.net
- DNS ASK ri####settle.net
- DNS ASK be####settle.net
- DNS ASK jo####ybefore.net
- DNS ASK hu####dbefore.net
- DNS ASK jo####ydevice.net
- DNS ASK hu####ddevice.net
- DNS ASK de####ylanguage.net
- DNS ASK li####language.net
- DNS ASK de####ysettle.net
- DNS ASK li####settle.net
- ClassName: 'Shell_TrayWnd' WindowName: '' (Shell_TrayWnd is the window class of the Windows taskbar)