Technical Information
- [<HKLM>\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] 'DHCP Client Protocol Panel' = 'C:\jdpmnlpkppcatnq\zxdxcsom.exe'
- [<HKLM>\SYSTEM\ControlSet001\Services\Program Cryptographic Now Peer Print Keying] 'ImagePath' = 'C:\jdpmnlpkppcatnq\zxdxcsom.exe'
- [<HKLM>\SYSTEM\ControlSet001\Services\Program Cryptographic Now Peer Print Keying] 'Start' = '00000002'
- 'C:\jdpmnlpkppcatnq\pcrlthvusxp.exe' "c:\jdpmnlpkppcatnq\zxdxcsom.exe"
- 'C:\jdpmnlpkppcatnq\zxdxcsom.exe'
- 'C:\jdpmnlpkppcatnq\nu2mcpn7lkysddps.exe'
- C:\jdpmnlpkppcatnq\zxdxcsom.exe
- C:\jdpmnlpkppcatnq\pcrlthvusxp.exe
- C:\jdpmnlpkppcatnq\nu2mcpn7lkysddps.exe
- %WINDIR%\jdpmnlpkppcatnq\xioyvvko
- C:\jdpmnlpkppcatnq\xioyvvko
- C:\jdpmnlpkppcatnq\pcrlthvusxp.exe
- C:\jdpmnlpkppcatnq\zxdxcsom.exe
- C:\jdpmnlpkppcatnq\nu2mcpn7lkysddps.exe
- %WINDIR%\jdpmnlpkppcatnq\xioyvvko
- 'st###niece.net':80
- 'mi###niece.net':80
- 'mi###speak.net':80
- 'ev####goclock.net':80
- 'st###speak.net':80
- 'mi###oclock.net':80
- 'do###rspeak.net':80
- 'st###oclock.net':80
- 'st###write.net':80
- 'mi###write.net':80
- 'bu####ngspeak.net':80
- 'ev####gspeak.net':80
- 'ou####eoclock.net':80
- 'ou####ewrite.net':80
- 'mo####ntoclock.net':80
- 'ev####gwrite.net':80
- 'bu####ngoclock.net':80
- 'bu####ngwrite.net':80
- 'bu####ngniece.net':80
- 'ev####gniece.net':80
- 'fe####oclock.net':80
- 'br###nspeak.net':80
- 'do###ewrite.net':80
- 'do###eniece.net':80
- 'fe###wwrite.net':80
- 'br###nwrite.net':80
- 're###twrite.net':80
- 're###tniece.net':80
- 're###tspeak.net':80
- 'br###nniece.net':80
- 'do###rwrite.net':80
- 'pr###ywrite.net':80
- 'pr###yniece.net':80
- 'pr###yspeak.net':80
- 'do###rniece.net':80
- 'do###espeak.net':80
- 'fe###wniece.net':80
- 'fe###wspeak.net':80
- 'do####oclock.net':80
- 'pr####oclock.net':80
- 'mo####ntwrite.net':80
- 're####method.net':80
- 'br####action.net':80
- 'br####method.net':80
- 'fe####direct.net':80
- 'fe####brought.net':80
- 'br####brought.net':80
- 're####brought.net':80
- 're####direct.net':80
- 're####action.net':80
- 'br####direct.net':80
- 'do####direct.net':80
- 'pr####direct.net':80
- 'pr####action.net':80
- 'pr####method.net':80
- 'do####action.net':80
- 'do####method.net':80
- 'fe####action.net':80
- 'fe####method.net':80
- 'do####brought.net':80
- 'pr####brought.net':80
- 'st###direct.net':80
- 'st####thbrought.net':80
- 'st####thdirect.net':80
- 'st####thaction.net':80
- 'st###action.net':80
- 'mo####ntniece.net':80
- 'ou####eniece.net':80
- 'ou####espeak.net':80
- 'st####rought.net':80
- 'mo####ntspeak.net':80
- 'de####action.net':80
- 'pr####edirect.net':80
- 'pr####eaction.net':80
- 'pr####emethod.net':80
- 'de####method.net':80
- 'st####thmethod.net':80
- 'st###method.net':80
- 'de####brought.net':80
- 'de####direct.net':80
- 'pr####ebrought.net':80
- http://st###niece.net/index.php
- http://mi###niece.net/index.php
- http://mi###speak.net/index.php
- http://ev####goclock.net/index.php
- http://st###speak.net/index.php
- http://mi###oclock.net/index.php
- http://do###rspeak.net/index.php
- http://st###oclock.net/index.php
- http://st###write.net/index.php
- http://mi###write.net/index.php
- http://bu####ngspeak.net/index.php
- http://ev####gspeak.net/index.php
- http://ou####eoclock.net/index.php
- http://ou####ewrite.net/index.php
- http://mo####ntoclock.net/index.php
- http://ev####gwrite.net/index.php
- http://bu####ngoclock.net/index.php
- http://bu####ngwrite.net/index.php
- http://bu####ngniece.net/index.php
- http://ev####gniece.net/index.php
- http://fe####oclock.net/index.php
- http://br###nspeak.net/index.php
- http://do###ewrite.net/index.php
- http://do###eniece.net/index.php
- http://fe###wwrite.net/index.php
- http://br###nwrite.net/index.php
- http://re###twrite.net/index.php
- http://re###tniece.net/index.php
- http://re###tspeak.net/index.php
- http://br###nniece.net/index.php
- http://do###rwrite.net/index.php
- http://pr###ywrite.net/index.php
- http://pr###yniece.net/index.php
- http://pr###yspeak.net/index.php
- http://do###rniece.net/index.php
- http://do###espeak.net/index.php
- http://fe###wniece.net/index.php
- http://fe###wspeak.net/index.php
- http://do####oclock.net/index.php
- http://pr####oclock.net/index.php
- http://mo####ntwrite.net/index.php
- http://re####method.net/index.php
- http://br####action.net/index.php
- http://br####method.net/index.php
- http://fe####direct.net/index.php
- http://fe####brought.net/index.php
- http://br####brought.net/index.php
- http://re####brought.net/index.php
- http://re####direct.net/index.php
- http://re####action.net/index.php
- http://br####direct.net/index.php
- http://do####direct.net/index.php
- http://pr####direct.net/index.php
- http://pr####action.net/index.php
- http://pr####method.net/index.php
- http://do####action.net/index.php
- http://do####method.net/index.php
- http://fe####action.net/index.php
- http://fe####method.net/index.php
- http://do####brought.net/index.php
- http://pr####brought.net/index.php
- http://st###direct.net/index.php
- http://st####thbrought.net/index.php
- http://st####thdirect.net/index.php
- http://st####thaction.net/index.php
- http://st###action.net/index.php
- http://mo####ntniece.net/index.php
- http://ou####eniece.net/index.php
- http://ou####espeak.net/index.php
- http://st####rought.net/index.php
- http://mo####ntspeak.net/index.php
- http://de####action.net/index.php
- http://pr####edirect.net/index.php
- http://pr####eaction.net/index.php
- http://pr####emethod.net/index.php
- http://de####method.net/index.php
- http://st####thmethod.net/index.php
- http://st###method.net/index.php
- http://de####brought.net/index.php
- http://de####direct.net/index.php
- http://pr####ebrought.net/index.php
- DNS ASK st###niece.net
- DNS ASK mi###niece.net
- DNS ASK mi###speak.net
- DNS ASK ev####goclock.net
- DNS ASK st###speak.net
- DNS ASK mi###oclock.net
- DNS ASK do###rspeak.net
- DNS ASK st###oclock.net
- DNS ASK st###write.net
- DNS ASK mi###write.net
- DNS ASK bu####ngspeak.net
- DNS ASK ev####gspeak.net
- DNS ASK ou####eoclock.net
- DNS ASK ou####ewrite.net
- DNS ASK mo####ntoclock.net
- DNS ASK ev####gwrite.net
- DNS ASK bu####ngoclock.net
- DNS ASK bu####ngwrite.net
- DNS ASK bu####ngniece.net
- DNS ASK ev####gniece.net
- DNS ASK pr###yspeak.net
- DNS ASK br###nspeak.net
- DNS ASK re###tspeak.net
- DNS ASK fe####oclock.net
- DNS ASK fe###wwrite.net
- DNS ASK do###ewrite.net
- DNS ASK re###twrite.net
- DNS ASK br####oclock.net
- DNS ASK br###nwrite.net
- DNS ASK br###nniece.net
- DNS ASK re###tniece.net
- DNS ASK pr###ywrite.net
- DNS ASK do####oclock.net
- DNS ASK do###rwrite.net
- DNS ASK do###rniece.net
- DNS ASK pr###yniece.net
- DNS ASK fe###wniece.net
- DNS ASK do###eniece.net
- DNS ASK do###espeak.net
- DNS ASK pr####oclock.net
- DNS ASK fe###wspeak.net
- DNS ASK re####method.net
- DNS ASK br####action.net
- DNS ASK br####method.net
- DNS ASK fe####direct.net
- DNS ASK fe####brought.net
- DNS ASK br####brought.net
- DNS ASK re####brought.net
- DNS ASK re####direct.net
- DNS ASK re####action.net
- DNS ASK br####direct.net
- DNS ASK do####direct.net
- DNS ASK pr####direct.net
- DNS ASK pr####action.net
- DNS ASK pr####method.net
- DNS ASK do####action.net
- DNS ASK do####method.net
- DNS ASK fe####action.net
- DNS ASK fe####method.net
- DNS ASK do####brought.net
- DNS ASK pr####brought.net
- DNS ASK pr####emethod.net
- DNS ASK st####thbrought.net
- DNS ASK st####rought.net
- DNS ASK st###direct.net
- DNS ASK st###action.net
- DNS ASK st####thdirect.net
- DNS ASK ou####eniece.net
- DNS ASK mo####ntwrite.net
- DNS ASK mo####ntniece.net
- DNS ASK mo####ntspeak.net
- DNS ASK ou####espeak.net
- DNS ASK pr####edirect.net
- DNS ASK de####direct.net
- DNS ASK de####action.net
- DNS ASK de####method.net
- DNS ASK pr####eaction.net
- DNS ASK st###method.net
- DNS ASK st####thaction.net
- DNS ASK st####thmethod.net
- DNS ASK pr####ebrought.net
- DNS ASK de####brought.net
- ClassName: 'Shell_TrayWnd' WindowName: ''