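Technical Information
(In the host names and URLs below, '#' appears to stand for characters masked in the published report, so these entries are partial indicators and cannot be used as-is for exact-match lookups.)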
- Autorun (persistence) registry value: [<HKCU>\Software\Microsoft\Windows\CurrentVersion\Run] 'Search Config Offline Authentication' = '<LS_APPDATA>\zgcnpku\byhdbrcpnduz.exe'
- '<LS_APPDATA>\zgcnpku\bwjvdlbux.exe' "<LS_APPDATA>\zgcnpku\byhdbrcpnduz.exe"
- '<LS_APPDATA>\zgcnpku\byhdbrcpnduz.exe'
- <LS_APPDATA>\zgcnpku\byhdbrcpnduz.tqtke
- <LS_APPDATA>\zgcnpku\bwjvdlbux.exe
- <LS_APPDATA>\zgcnpku\byhdbrcpnduz.exe
- <LS_APPDATA>\zgcnpku\bwjvdlbux.exe
- <LS_APPDATA>\zgcnpku\byhdbrcpnduz.exe
- Network connections (host:port):
- 'fo####dspeak.net':80
- 'de###espeak.net':80
- 'de###eniece.net':80
- 'de###ewrite.net':80
- 'fo####dniece.net':80
- 're####brought.net':80
- 're####action.net':80
- 'va####saction.net':80
- 'va####sdirect.net':80
- 'va####sbrought.net':80
- 're####direct.net':80
- 'fo####dwrite.net':80
- 'gl###write.net':80
- 'an###rwrite.net':80
- 'an####oclock.net':80
- 'di####ultspeak.net':80
- 'gl###oclock.net':80
- 'gl###niece.net':80
- 'fo####doclock.net':80
- 'de####oclock.net':80
- 'an###rspeak.net':80
- 'an###rniece.net':80
- 'gl###speak.net':80
- 're####method.net':80
- 'he####method.net':80
- 'le####method.net':80
- 'le####action.net':80
- 'le####direct.net':80
- 'he####action.net':80
- 're####ebrought.net':80
- 're####eaction.net':80
- 'or###action.net':80
- 'or###direct.net':80
- 'or####rought.net':80
- 're####edirect.net':80
- 'he####direct.net':80
- 'ge####direct.net':80
- 'he###direct.net':80
- 'he####rought.net':80
- 'va####smethod.net':80
- 'ge####brought.net':80
- 'ge####action.net':80
- 'he####brought.net':80
- 'le####brought.net':80
- 'he###method.net':80
- 'he###action.net':80
- 'ge####method.net':80
- Requested URLs:
- fo####dspeak.net/forum/search.php?em##################################
- de###espeak.net/forum/search.php?em##################################
- de###eniece.net/forum/search.php?em##################################
- de###ewrite.net/forum/search.php?em##################################
- fo####dniece.net/forum/search.php?em##################################
- re####brought.net/forum/search.php?em##################################
- re####action.net/forum/search.php?em##################################
- va####saction.net/forum/search.php?em##################################
- va####sdirect.net/forum/search.php?em##################################
- va####sbrought.net/forum/search.php?em##################################
- re####direct.net/forum/search.php?em##################################
- fo####dwrite.net/forum/search.php?em##################################
- gl###write.net/forum/search.php?em##################################
- an###rwrite.net/forum/search.php?em##################################
- an####oclock.net/forum/search.php?em##################################
- di####ultspeak.net/forum/search.php?em##################################
- gl###oclock.net/forum/search.php?em##################################
- gl###niece.net/forum/search.php?em##################################
- fo####doclock.net/forum/search.php?em##################################
- de####oclock.net/forum/search.php?em##################################
- an###rspeak.net/forum/search.php?em##################################
- an###rniece.net/forum/search.php?em##################################
- gl###speak.net/forum/search.php?em##################################
- re####method.net/forum/search.php?em##################################
- he####method.net/forum/search.php?em##################################
- le####method.net/forum/search.php?em##################################
- le####action.net/forum/search.php?em##################################
- le####direct.net/forum/search.php?em##################################
- he####action.net/forum/search.php?em##################################
- re####ebrought.net/forum/search.php?em##################################
- re####eaction.net/forum/search.php?em##################################
- or###action.net/forum/search.php?em##################################
- or###direct.net/forum/search.php?em##################################
- or####rought.net/forum/search.php?em##################################
- re####edirect.net/forum/search.php?em##################################
- he####direct.net/forum/search.php?em##################################
- ge####direct.net/forum/search.php?em##################################
- he###direct.net/forum/search.php?em##################################
- he####rought.net/forum/search.php?em##################################
- va####smethod.net/forum/search.php?em##################################
- ge####brought.net/forum/search.php?em##################################
- ge####action.net/forum/search.php?em##################################
- he####brought.net/forum/search.php?em##################################
- le####brought.net/forum/search.php?em##################################
- he###method.net/forum/search.php?em##################################
- he###action.net/forum/search.php?em##################################
- ge####method.net/forum/search.php?em##################################
- DNS ASK de###eniece.net
- DNS ASK fo####dspeak.net
- DNS ASK de###espeak.net
- DNS ASK fo####dwrite.net
- DNS ASK de###ewrite.net
- DNS ASK fo####dniece.net
- DNS ASK va####sdirect.net
- DNS ASK re####action.net
- DNS ASK va####saction.net
- DNS ASK re####brought.net
- DNS ASK va####sbrought.net
- DNS ASK re####direct.net
- DNS ASK an####oclock.net
- DNS ASK gl###write.net
- DNS ASK an###rwrite.net
- DNS ASK he###speak.net
- DNS ASK di####ultspeak.net
- DNS ASK gl###oclock.net
- DNS ASK an###rspeak.net
- DNS ASK fo####doclock.net
- DNS ASK de####oclock.net
- DNS ASK gl###niece.net
- DNS ASK an###rniece.net
- DNS ASK gl###speak.net
- DNS ASK le####action.net
- DNS ASK he####method.net
- DNS ASK le####method.net
- DNS ASK he####direct.net
- DNS ASK le####direct.net
- DNS ASK he####action.net
- DNS ASK or###direct.net
- DNS ASK re####eaction.net
- DNS ASK or###action.net
- DNS ASK re####ebrought.net
- DNS ASK or####rought.net
- DNS ASK re####edirect.net
- DNS ASK he####rought.net
- DNS ASK ge####direct.net
- DNS ASK he###direct.net
- DNS ASK re####method.net
- DNS ASK va####smethod.net
- DNS ASK ge####brought.net
- DNS ASK he###method.net
- DNS ASK he####brought.net
- DNS ASK le####brought.net
- DNS ASK ge####action.net
- DNS ASK he###action.net
- DNS ASK ge####method.net
- ClassName: 'Shell_TrayWnd' WindowName: ''
- ClassName: 'Indicator' WindowName: ''