Technical Information
- [<HKCU>\Software\Microsoft\Windows\CurrentVersion\Run] 'Control Profile Keying Engine' = '%APPDATA%\bnxtzqkuo\vxrlnbkdbw.exe'
- '%APPDATA%\bnxtzqkuo\wezyxumwlhbd.exe' "%APPDATA%\bnxtzqkuo\vxrlnbkdbw.exe"
- '%APPDATA%\bnxtzqkuo\vxrlnbkdbw.exe'
- %APPDATA%\bnxtzqkuo\vxrlnbkdbw.evcd
- %APPDATA%\bnxtzqkuo\wezyxumwlhbd.exe
- %APPDATA%\bnxtzqkuo\vxrlnbkdbw.exe
- %APPDATA%\bnxtzqkuo\wezyxumwlhbd.exe
- %APPDATA%\bnxtzqkuo\vxrlnbkdbw.exe
- 'wi####caught.net':80
- 'su####president.net':80
- 'su####caught.net':80
- 'th####hstrong.net':80
- 'ef####strong.net':80
- 'wi####president.net':80
- 'wi####strong.net':80
- 'th###caught.net':80
- 'su####strong.net':80
- 'su####trouble.net':80
- 'wi####trouble.net':80
- 'ef####trouble.net':80
- 'fo####trouble.net':80
- 'in####sestrong.net':80
- 'in####setrouble.net':80
- 'in#####epresident.net':80
- 'fo####president.net':80
- 'fo####strong.net':80
- 'ef####president.net':80
- 'th####htrouble.net':80
- 'th#####president.net':80
- 'th####hcaught.net':80
- 'ef####caught.net':80
- 'li####caught.net':80
- 'de####ycaught.net':80
- 'ri####strong.net':80
- 'ri####trouble.net':80
- 'be####strong.net':80
- 'li####president.net':80
- 'li####strong.net':80
- 'de####ystrong.net':80
- 'de####ytrouble.net':80
- 'de#####president.net':80
- 'li####trouble.net':80
- 'be####trouble.net':80
- 'th####rouble.net':80
- 'ch####rouble.net':80
- 'ch####resident.net':80
- 'ch###caught.net':80
- 'th####resident.net':80
- 'th###strong.net':80
- 'be####president.net':80
- 'ri####president.net':80
- 'ri####caught.net':80
- 'ch###strong.net':80
- 'be####caught.net':80
- wi####caught.net/forum/search.php?em######################################
- su####president.net/forum/search.php?em######################################
- su####caught.net/forum/search.php?em######################################
- th####hstrong.net/forum/search.php?em######################################
- ef####strong.net/forum/search.php?em######################################
- wi####president.net/forum/search.php?em######################################
- wi####strong.net/forum/search.php?em######################################
- th###caught.net/forum/search.php?em######################################
- su####strong.net/forum/search.php?em######################################
- su####trouble.net/forum/search.php?em######################################
- wi####trouble.net/forum/search.php?em######################################
- ef####trouble.net/forum/search.php?em######################################
- fo####trouble.net/forum/search.php?em######################################
- in####sestrong.net/forum/search.php?em######################################
- in####setrouble.net/forum/search.php?em######################################
- in#####epresident.net/forum/search.php?em######################################
- fo####president.net/forum/search.php?em######################################
- fo####strong.net/forum/search.php?em######################################
- ef####president.net/forum/search.php?em######################################
- th####htrouble.net/forum/search.php?em######################################
- th#####president.net/forum/search.php?em######################################
- th####hcaught.net/forum/search.php?em######################################
- ef####caught.net/forum/search.php?em######################################
- li####caught.net/forum/search.php?em######################################
- de####ycaught.net/forum/search.php?em######################################
- ri####strong.net/forum/search.php?em######################################
- ri####trouble.net/forum/search.php?em######################################
- be####strong.net/forum/search.php?em######################################
- li####president.net/forum/search.php?em######################################
- li####strong.net/forum/search.php?em######################################
- de####ystrong.net/forum/search.php?em######################################
- de####ytrouble.net/forum/search.php?em######################################
- de#####president.net/forum/search.php?em######################################
- li####trouble.net/forum/search.php?em######################################
- be####trouble.net/forum/search.php?em######################################
- th####rouble.net/forum/search.php?em######################################
- ch####rouble.net/forum/search.php?em######################################
- ch####resident.net/forum/search.php?em######################################
- ch###caught.net/forum/search.php?em######################################
- th####resident.net/forum/search.php?em######################################
- th###strong.net/forum/search.php?em######################################
- be####president.net/forum/search.php?em######################################
- ri####president.net/forum/search.php?em######################################
- ri####caught.net/forum/search.php?em######################################
- ch###strong.net/forum/search.php?em######################################
- be####caught.net/forum/search.php?em######################################
- DNS ASK wi####caught.net
- DNS ASK su####president.net
- DNS ASK su####caught.net
- DNS ASK th####hstrong.net
- DNS ASK ef####strong.net
- DNS ASK wi####president.net
- DNS ASK wi####strong.net
- DNS ASK th###caught.net
- DNS ASK su####strong.net
- DNS ASK su####trouble.net
- DNS ASK wi####trouble.net
- DNS ASK ef####trouble.net
- DNS ASK fo####trouble.net
- DNS ASK in####sestrong.net
- DNS ASK in####setrouble.net
- DNS ASK in#####epresident.net
- DNS ASK fo####president.net
- DNS ASK fo####strong.net
- DNS ASK ef####president.net
- DNS ASK th####htrouble.net
- DNS ASK th#####president.net
- DNS ASK th####hcaught.net
- DNS ASK ef####caught.net
- DNS ASK li####caught.net
- DNS ASK de####ycaught.net
- DNS ASK ri####strong.net
- DNS ASK ri####trouble.net
- DNS ASK be####strong.net
- DNS ASK li####president.net
- DNS ASK li####strong.net
- DNS ASK de####ystrong.net
- DNS ASK de####ytrouble.net
- DNS ASK de#####president.net
- DNS ASK li####trouble.net
- DNS ASK be####trouble.net
- DNS ASK th####rouble.net
- DNS ASK ch####rouble.net
- DNS ASK ch####resident.net
- DNS ASK ch###caught.net
- DNS ASK th####resident.net
- DNS ASK th###strong.net
- DNS ASK be####president.net
- DNS ASK ri####president.net
- DNS ASK ri####caught.net
- DNS ASK ch###strong.net
- DNS ASK be####caught.net
- ClassName: 'Shell_TrayWnd' WindowName: '(null)'
- ClassName: 'Indicator' WindowName: '(null)'