Technical Information
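Autorun entry (machine-wide Run key; the value points at an executable in a random-looking directory directly under C:\):
- [<HKLM>\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] 'Diagnostic Search ActiveX Name' = 'C:\ffpcslkyazn\ireadwi.exe'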
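Service configuration ('Start' = 2 is automatic start at boot; the service name is a string of legitimate-sounding Windows terms, so match on the image path rather than the name):
- [<HKLM>\SYSTEM\ControlSet001\Services\Virtual Store Upgrade IKE Center UPnP] 'Start' = '00000002'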
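Processes executed (in the first entry the second path appears to be passed as a command-line argument):
- 'C:\ffpcslkyazn\bqpclpophhru.exe' "c:\ffpcslkyazn\ireadwi.exe"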
- 'C:\ffpcslkyazn\ireadwi.exe'
- 'C:\ffpcslkyazn\snpb3c0bhutvwrjromm.exe'
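File-system activity (the same paths repeat in several groups; the action label for each group is missing from this copy):
- C:\ffpcslkyazn\ireadwi.exe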
- C:\ffpcslkyazn\bqpclpophhru.exe
- C:\ffpcslkyazn\snpb3c0bhutvwrjromm.exe
- %WINDIR%\ffpcslkyazn\zjzpszuoc
- C:\ffpcslkyazn\zjzpszuoc
- C:\ffpcslkyazn\bqpclpophhru.exe
- C:\ffpcslkyazn\ireadwi.exe
- C:\ffpcslkyazn\snpb3c0bhutvwrjromm.exe
- %WINDIR%\ffpcslkyazn\zjzpszuoc
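Network activity, connections to TCP port 80 (33 hosts). The '#' characters mask part of each host name, so these entries cannot be used verbatim as block-list indicators; the repeated two-word .net pattern looks consistent with algorithmically generated domains:
- 'fo####dollar.net':80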
- 'me####written.net':80
- 'fo####realize.net':80
- 'me####dollar.net':80
- 'fo###wshore.net':80
- 'al####yrealize.net':80
- 'fo####written.net':80
- 'me###rshore.net':80
- 'be###dollar.net':80
- 'kn####ritten.net':80
- 'be####ealize.net':80
- 'kn###dollar.net':80
- 'be###shore.net':80
- 'me####realize.net':80
- 'be####ritten.net':80
- 'kn###shore.net':80
- 'ge#####anrealize.net':80
- 'ex#####ncewritten.net':80
- 'fr####ritten.net':80
- 'ex#####ncedollar.net':80
- 'fr###dollar.net':80
- 'en####hclose.net':80
- 'ei###rclose.net':80
- 'ex####enceshore.net':80
- 'fr###shore.net':80
- 'al####ywritten.net':80
- 'ge#####anwritten.net':80
- 'al####ydollar.net':80
- 'ge####mandollar.net':80
- 'ex#####ncerealize.net':80
- 'fr####ealize.net':80
- 'al####yshore.net':80
- 'ge####manshore.net':80
HTTP requests (plain HTTP, the same /index.php path on every host):
- http://fo####dollar.net/index.php
- http://me####written.net/index.php
- http://fo####realize.net/index.php
- http://me####dollar.net/index.php
- http://fo###wshore.net/index.php
- http://al####yrealize.net/index.php
- http://fo####written.net/index.php
- http://me###rshore.net/index.php
- http://be###dollar.net/index.php
- http://kn####ritten.net/index.php
- http://be####ealize.net/index.php
- http://kn###dollar.net/index.php
- http://be###shore.net/index.php
- http://me####realize.net/index.php
- http://be####ritten.net/index.php
- http://kn###shore.net/index.php
- http://ge#####anrealize.net/index.php
- http://ex#####ncewritten.net/index.php
- http://fr####ritten.net/index.php
- http://ex#####ncedollar.net/index.php
- http://fr###dollar.net/index.php
- http://en####hclose.net/index.php
- http://ei###rclose.net/index.php
- http://ex####enceshore.net/index.php
- http://fr###shore.net/index.php
- http://al####ywritten.net/index.php
- http://ge#####anwritten.net/index.php
- http://al####ydollar.net/index.php
- http://ge####mandollar.net/index.php
- http://ex#####ncerealize.net/index.php
- http://fr####ealize.net/index.php
- http://al####yshore.net/index.php
- http://ge####manshore.net/index.php
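DNS queries (34 names; kn####ealize.net is queried here but does not appear in the ':80' connection list):
- DNS ASK fo####dollar.net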
- DNS ASK me####written.net
- DNS ASK fo####realize.net
- DNS ASK me####dollar.net
- DNS ASK fo###wshore.net
- DNS ASK al####yrealize.net
- DNS ASK fo####written.net
- DNS ASK me###rshore.net
- DNS ASK me####realize.net
- DNS ASK kn###dollar.net
- DNS ASK be###dollar.net
- DNS ASK kn####ealize.net
- DNS ASK be####ealize.net
- DNS ASK kn###shore.net
- DNS ASK be###shore.net
- DNS ASK kn####ritten.net
- DNS ASK be####ritten.net
- DNS ASK ex#####ncewritten.net
- DNS ASK fr####ritten.net
- DNS ASK ex#####ncedollar.net
- DNS ASK fr###dollar.net
- DNS ASK en####hclose.net
- DNS ASK ei###rclose.net
- DNS ASK ex####enceshore.net
- DNS ASK fr###shore.net
- DNS ASK fr####ealize.net
- DNS ASK ge####mandollar.net
- DNS ASK al####ywritten.net
- DNS ASK ge#####anrealize.net
- DNS ASK al####ydollar.net
- DNS ASK ge####manshore.net
- DNS ASK ex#####ncerealize.net
- DNS ASK ge#####anwritten.net
- DNS ASK al####yshore.net
Window searched for (Shell_TrayWnd is the window class of the Windows taskbar):
- ClassName: 'Shell_TrayWnd' WindowName: ''