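Technical Information
Note: the section headings of this report are missing. The entries below appear in this order: an autorun value under the HKLM Run key, executable and file paths under C:\lzrlvule and %WINDIR%\lzrlvule, host:port pairs (all port 80), HTTP URLs requesting /index.php, DNS queries, and a window class name. Domain names and URL parameters are partially masked with '#', so they are patterns rather than exact indicators; the masked characters cannot be recovered from this page.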
- [<HKLM>\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] 'Link-Layer Server Client Proxy' = 'C:\lzrlvule\jjywqimrkmsc.exe'
- 'C:\lzrlvule\uvgmelyuau.exe' "c:\lzrlvule\jjywqimrkmsc.exe"
- 'C:\lzrlvule\jjywqimrkmsc.exe'
- 'C:\lzrlvule\pl2qfubc0redrcwtrg.exe'
- C:\lzrlvule\jjywqimrkmsc.exe
- C:\lzrlvule\uvgmelyuau.exe
- C:\lzrlvule\b34cq0pxzagm
- %WINDIR%\lzrlvule\iqfkxi
- C:\lzrlvule\iqfkxi
- C:\lzrlvule\pl2qfubc0redrcwtrg.exe
- C:\lzrlvule\uvgmelyuau.exe
- C:\lzrlvule\jjywqimrkmsc.exe
- C:\lzrlvule\pl2qfubc0redrcwtrg.exe
- %WINDIR%\lzrlvule\iqfkxi
- 'mi###public.net':80
- 'st###public.net':80
- 'mi###eearly.net':80
- 'st###dress.net':80
- 'pr###ycatch.net':80
- 'do###rcatch.net':80
- 'mi###dress.net':80
- 'st###eearly.net':80
- 'ev####gpublic.net':80
- 'bu####ngpublic.net':80
- 'ev####geearly.net':80
- 'bu####ngdress.net':80
- 'mi###catch.net':80
- 'st###catch.net':80
- 'ev####gdress.net':80
- 'do####eearly.net':80
- 'do###edress.net':80
- 'fe###wdress.net':80
- 'fe####public.net':80
- 'br###ncatch.net':80
- 're####eearly.net':80
- 'br####eearly.net':80
- 're###tcatch.net':80
- 'fe####eearly.net':80
- 'pr####public.net':80
- 'do####public.net':80
- 'pr####eearly.net':80
- 'do###rdress.net':80
- 'do###ecatch.net':80
- 'fe###wcatch.net':80
- 'pr###ydress.net':80
- 'bu####ngeearly.net':80
- 'de####clothes.net':80
- 'pr####eclothes.net':80
- 'de####health.net':80
- 'pr####edistant.net':80
- 'st####eparate.net':80
- 'st#####hseparate.net':80
- 'de####distant.net':80
- 'pr####ehealth.net':80
- 're####clothes.net':80
- 'br####clothes.net':80
- 're####health.net':80
- 'br####distant.net':80
- 'de####separate.net':80
- 'pr####eseparate.net':80
- 're####distant.net':80
- 'st####thhealth.net':80
- 'ou####epublic.net':80
- 'mo####ntpublic.net':80
- 'ou####eeearly.net':80
- 'mo####ntdress.net':80
- 'ev####gcatch.net':80
- 'bu####ngcatch.net':80
- 'ou####edress.net':80
- 'mo####nteearly.net':80
- 'st####lothes.net':80
- 'st####thclothes.net':80
- 'st###health.net':80
- 'st####thdistant.net':80
- 'ou####ecatch.net':80
- 'mo####ntcatch.net':80
- 'st####istant.net':80
- http://mi###public.net/index.php?me########
- http://st###public.net/index.php?me########
- http://mi###eearly.net/index.php?me########
- http://st###dress.net/index.php?me########
- http://pr###ycatch.net/index.php?me########
- http://do###rcatch.net/index.php?me########
- http://mi###dress.net/index.php?me########
- http://st###eearly.net/index.php?me########
- http://ev####gpublic.net/index.php?me########
- http://bu####ngpublic.net/index.php?me########
- http://ev####geearly.net/index.php?me########
- http://bu####ngdress.net/index.php?me########
- http://mi###catch.net/index.php?me########
- http://st###catch.net/index.php?me########
- http://ev####gdress.net/index.php?me########
- http://do####eearly.net/index.php?me########
- http://do###edress.net/index.php?me########
- http://fe###wdress.net/index.php?me########
- http://fe####public.net/index.php?me########
- http://br###ncatch.net/index.php?me########
- http://re####eearly.net/index.php?me########
- http://br####eearly.net/index.php?me########
- http://re###tcatch.net/index.php?me########
- http://fe####eearly.net/index.php?me########
- http://pr####public.net/index.php?me########
- http://do####public.net/index.php?me########
- http://pr####eearly.net/index.php?me########
- http://do###rdress.net/index.php?me########
- http://do###ecatch.net/index.php?me########
- http://fe###wcatch.net/index.php?me########
- http://pr###ydress.net/index.php?me########
- http://bu####ngeearly.net/index.php?me########
- http://de####clothes.net/index.php?me########
- http://pr####eclothes.net/index.php?me########
- http://de####health.net/index.php?me########
- http://pr####edistant.net/index.php?me########
- http://st####eparate.net/index.php?me########
- http://st#####hseparate.net/index.php?me########
- http://de####distant.net/index.php?me########
- http://pr####ehealth.net/index.php?me########
- http://re####clothes.net/index.php?me########
- http://br####clothes.net/index.php?me########
- http://re####health.net/index.php?me########
- http://br####distant.net/index.php?me########
- http://de####separate.net/index.php?me########
- http://pr####eseparate.net/index.php?me########
- http://re####distant.net/index.php?me########
- http://st####thhealth.net/index.php?me########
- http://ou####epublic.net/index.php?me########
- http://mo####ntpublic.net/index.php?me########
- http://ou####eeearly.net/index.php?me########
- http://mo####ntdress.net/index.php?me########
- http://ev####gcatch.net/index.php?me########
- http://bu####ngcatch.net/index.php?me########
- http://ou####edress.net/index.php?me########
- http://mo####nteearly.net/index.php?me########
- http://st####lothes.net/index.php?me########
- http://st####thclothes.net/index.php?me########
- http://st###health.net/index.php?me########
- http://st####thdistant.net/index.php?me########
- http://ou####ecatch.net/index.php?me########
- http://mo####ntcatch.net/index.php?me########
- http://st####istant.net/index.php?me########
- DNS ASK mi###public.net
- DNS ASK st###dress.net
- DNS ASK mi###eearly.net
- DNS ASK st###public.net
- DNS ASK pr###ycatch.net
- DNS ASK do####eearly.net
- DNS ASK mi###dress.net
- DNS ASK do###rcatch.net
- DNS ASK ev####gpublic.net
- DNS ASK bu####ngdress.net
- DNS ASK ev####geearly.net
- DNS ASK bu####ngpublic.net
- DNS ASK mi###catch.net
- DNS ASK st###eearly.net
- DNS ASK ev####gdress.net
- DNS ASK st###catch.net
- DNS ASK do###edress.net
- DNS ASK br###ncatch.net
- DNS ASK fe####public.net
- DNS ASK fe###wdress.net
- DNS ASK re####eearly.net
- DNS ASK br####public.net
- DNS ASK re###tcatch.net
- DNS ASK br####eearly.net
- DNS ASK pr####public.net
- DNS ASK do###rdress.net
- DNS ASK pr####eearly.net
- DNS ASK do####public.net
- DNS ASK do###ecatch.net
- DNS ASK fe####eearly.net
- DNS ASK pr###ydress.net
- DNS ASK fe###wcatch.net
- DNS ASK de####clothes.net
- DNS ASK pr####edistant.net
- DNS ASK de####health.net
- DNS ASK pr####eclothes.net
- DNS ASK st####eparate.net
- DNS ASK st####thhealth.net
- DNS ASK de####distant.net
- DNS ASK st#####hseparate.net
- DNS ASK re####clothes.net
- DNS ASK br####distant.net
- DNS ASK re####health.net
- DNS ASK br####clothes.net
- DNS ASK de####separate.net
- DNS ASK pr####ehealth.net
- DNS ASK re####distant.net
- DNS ASK pr####eseparate.net
- DNS ASK ou####epublic.net
- DNS ASK mo####ntdress.net
- DNS ASK ou####eeearly.net
- DNS ASK mo####ntpublic.net
- DNS ASK ev####gcatch.net
- DNS ASK bu####ngeearly.net
- DNS ASK ou####edress.net
- DNS ASK bu####ngcatch.net
- DNS ASK st####lothes.net
- DNS ASK st####thdistant.net
- DNS ASK st###health.net
- DNS ASK st####thclothes.net
- DNS ASK ou####ecatch.net
- DNS ASK mo####nteearly.net
- DNS ASK st####istant.net
- DNS ASK mo####ntcatch.net
- ClassName: 'Shell_TrayWnd' WindowName: ''