Technical Information
Autorun entry in the per-user Run key (starts the listed executable at each logon of that user):
- [<HKCU>\Software\Microsoft\Windows\CurrentVersion\Run] 'Manager Reports Link-Layer Extensible RPC' = '%APPDATA%\ckofcrt\xydsltznmc.exe'
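Command lines executed (quoted image path followed by its arguments; wmiadap.exe under <SYSTEM32>\wbem is a Windows component, not a dropped file):
- '%APPDATA%\ckofcrt\vmelzgljcpac.exe' "%APPDATA%\ckofcrt\xydsltznmc.exe"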
- '%APPDATA%\ckofcrt\xydsltznmc.exe'
- '<SYSTEM32>\wbem\wmiadap.exe' /R /T
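File-system paths touched (this extract does not show whether each was created, modified or deleted; repeated paths presumably belonged to different operations):
- %APPDATA%\ckofcrt\xydsltznmc.qpy1z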
- %APPDATA%\ckofcrt\vmelzgljcpac.exe
- %APPDATA%\ckofcrt\xydsltznmc.exe
- %APPDATA%\ckofcrt\vmelzgljcpac.exe
- %APPDATA%\ckofcrt\xydsltznmc.exe
- <SYSTEM32>\PerfStringBackup.TMP
- <SYSTEM32>\wbem\Performance\WmiApRpl.ini
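Hosts contacted on port 80 (part of each name is masked with '#' in this listing, so the entries cannot be used verbatim as blocklist indicators; the many two-word .net names look algorithmically generated, which is not confirmed here):
- 'br####herefore.net':80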
- 'fl####herefore.net':80
- 'br####uestion.net':80
- 'qu###school.net':80
- 'se###nwhile.net':80
- 'qu###while.net':80
- 'se####school.net':80
- 'fl####uestion.net':80
- 'ga####therefore.net':80
- 'be####therefore.net':80
- 'ga####question.net':80
- 'fl###school.net':80
- 'br###while.net':80
- 'fl###while.net':80
- 'br###school.net':80
- 'ag####tthrown.net':80
- 'do###storm.net':80
- 'ag####tstorm.net':80
- 'do###thrown.net':80
- 'ni####raining.net':80
- 'de####hunger.net':80
- 'ni###hunger.net':80
- 'do####raining.net':80
- 'qu####herefore.net':80
- 'se####question.net':80
- 'qu####uestion.net':80
- 'se####therefore.net':80
- 'ag####ttraining.net':80
- 'do###hunger.net':80
- 'ag####thunger.net':80
- 'be####question.net':80
- 're####school.net':80
- 'ca#####therefore.net':80
- 'la####herefore.net':80
- 'el####icschool.net':80
- 're####question.net':80
- 'el####icwhile.net':80
- 're###dwhile.net':80
- 'ca####nquestion.net':80
- 'la###school.net':80
- 'de####therefore.net':80
- 'ni####herefore.net':80
- 'ca####nschool.net':80
- 'la####uestion.net':80
- 'ca####nwhile.net':80
- 'la###while.net':80
- 'tr####herefore.net':80
- 'st####therefore.net':80
- 'tr####uestion.net':80
- 'be####school.net':80
- 'ga###rwhile.net':80
- 'be###rwhile.net':80
- 'ga####school.net':80
- 'st####question.net':80
- 'el#####ctherefore.net':80
- 're####therefore.net':80
- 'el#####cquestion.net':80
- 'st####school.net':80
- 'tr###while.net':80
- 'st###twhile.net':80
- 'tr###school.net':80
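HTTP request URLs (every one uses the path /forum/search.php; host names and query strings are partly masked with '#'):
- br####herefore.net/forum/search.php?em#####################################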
- fl####herefore.net/forum/search.php?em#####################################
- br####uestion.net/forum/search.php?em#####################################
- qu###school.net/forum/search.php?em#####################################
- se###nwhile.net/forum/search.php?em#####################################
- qu###while.net/forum/search.php?em#####################################
- se####school.net/forum/search.php?em#####################################
- fl####uestion.net/forum/search.php?em#####################################
- ga####therefore.net/forum/search.php?em#####################################
- be####therefore.net/forum/search.php?em#####################################
- ga####question.net/forum/search.php?em#####################################
- fl###school.net/forum/search.php?em#####################################
- br###while.net/forum/search.php?em#####################################
- fl###while.net/forum/search.php?em#####################################
- br###school.net/forum/search.php?em#####################################
- ag####tthrown.net/forum/search.php?em#####################################
- do###storm.net/forum/search.php?em#####################################
- ag####tstorm.net/forum/search.php?em#####################################
- do###thrown.net/forum/search.php?em#####################################
- ni####raining.net/forum/search.php?em#####################################
- de####hunger.net/forum/search.php?em#####################################
- ni###hunger.net/forum/search.php?em#####################################
- do####raining.net/forum/search.php?em#####################################
- qu####herefore.net/forum/search.php?em#####################################
- se####question.net/forum/search.php?em#####################################
- qu####uestion.net/forum/search.php?em#####################################
- se####therefore.net/forum/search.php?em#####################################
- ag####ttraining.net/forum/search.php?em#####################################
- do###hunger.net/forum/search.php?em#####################################
- ag####thunger.net/forum/search.php?em#####################################
- be####question.net/forum/search.php?em#####################################
- re####school.net/forum/search.php?em#####################################
- ca#####therefore.net/forum/search.php?em#####################################
- la####herefore.net/forum/search.php?em#####################################
- el####icschool.net/forum/search.php?em#####################################
- re####question.net/forum/search.php?em#####################################
- el####icwhile.net/forum/search.php?em#####################################
- re###dwhile.net/forum/search.php?em#####################################
- ca####nquestion.net/forum/search.php?em#####################################
- la###school.net/forum/search.php?em#####################################
- de####therefore.net/forum/search.php?em#####################################
- ni####herefore.net/forum/search.php?em#####################################
- ca####nschool.net/forum/search.php?em#####################################
- la####uestion.net/forum/search.php?em#####################################
- ca####nwhile.net/forum/search.php?em#####################################
- la###while.net/forum/search.php?em#####################################
- tr####herefore.net/forum/search.php?em#####################################
- st####therefore.net/forum/search.php?em#####################################
- tr####uestion.net/forum/search.php?em#####################################
- be####school.net/forum/search.php?em#####################################
- ga###rwhile.net/forum/search.php?em#####################################
- be###rwhile.net/forum/search.php?em#####################################
- ga####school.net/forum/search.php?em#####################################
- st####question.net/forum/search.php?em#####################################
- el#####ctherefore.net/forum/search.php?em#####################################
- re####therefore.net/forum/search.php?em#####################################
- el#####cquestion.net/forum/search.php?em#####################################
- st####school.net/forum/search.php?em#####################################
- tr###while.net/forum/search.php?em#####################################
- st###twhile.net/forum/search.php?em#####################################
- tr###school.net/forum/search.php?em#####################################
DNS queries issued (host names partly masked with '#'):
- DNS ASK br####herefore.net
- DNS ASK fl####herefore.net
- DNS ASK br####uestion.net
- DNS ASK qu###school.net
- DNS ASK se###nwhile.net
- DNS ASK qu###while.net
- DNS ASK se####school.net
- DNS ASK fl####uestion.net
- DNS ASK ga####therefore.net
- DNS ASK be####therefore.net
- DNS ASK ga####question.net
- DNS ASK fl###school.net
- DNS ASK br###while.net
- DNS ASK fl###while.net
- DNS ASK br###school.net
- DNS ASK qu####uestion.net
- DNS ASK do###thrown.net
- DNS ASK ag####tthrown.net
- DNS ASK do###storm.net
- DNS ASK ni###hunger.net
- DNS ASK de####training.net
- DNS ASK ni####raining.net
- DNS ASK de####hunger.net
- DNS ASK ag####tstorm.net
- DNS ASK se####therefore.net
- DNS ASK qu####herefore.net
- DNS ASK se####question.net
- DNS ASK ag####thunger.net
- DNS ASK do####raining.net
- DNS ASK ag####ttraining.net
- DNS ASK do###hunger.net
- DNS ASK re####school.net
- DNS ASK ca#####therefore.net
- DNS ASK la####herefore.net
- DNS ASK el####icschool.net
- DNS ASK re####question.net
- DNS ASK el####icwhile.net
- DNS ASK re###dwhile.net
- DNS ASK ca####nquestion.net
- DNS ASK la###school.net
- DNS ASK de####therefore.net
- DNS ASK ni####herefore.net
- DNS ASK ca####nschool.net
- DNS ASK la####uestion.net
- DNS ASK ca####nwhile.net
- DNS ASK la###while.net
- DNS ASK el#####cquestion.net
- DNS ASK be####school.net
- DNS ASK tr####herefore.net
- DNS ASK st####therefore.net
- DNS ASK ga####school.net
- DNS ASK be####question.net
- DNS ASK ga###rwhile.net
- DNS ASK be###rwhile.net
- DNS ASK tr####uestion.net
- DNS ASK st####school.net
- DNS ASK el#####ctherefore.net
- DNS ASK re####therefore.net
- DNS ASK tr###school.net
- DNS ASK st####question.net
- DNS ASK tr###while.net
- DNS ASK st###twhile.net
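Windows the sample apparently looks up by class name (Shell_TrayWnd is the class of the Windows taskbar):
- ClassName: 'Shell_TrayWnd' WindowName: ''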
- ClassName: 'Indicator' WindowName: ''