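Technical Information
Note: the section labels of the original report are not present in this listing. The entries below appear to be, in order: registry values (a Run-key autorun entry and a service with 'Start' = 2, i.e. automatic start), process command lines, file paths, hosts contacted on port 80, HTTP requests, DNS queries, and a window class lookup. Domain names and URL parameters are partially masked with '#', so they cannot be used verbatim as blocklist or detection entries.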
- [<HKLM>\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] 'Transfer WinHTTP Biometric Key' = 'C:\kwlhxjfngvst\npiaowdq.exe'
- [<HKLM>\SYSTEM\ControlSet001\Services\Grouping Instrumentation Studio Sharing] 'Start' = '00000002'
- 'C:\kwlhxjfngvst\dqknpektny.exe' "c:\kwlhxjfngvst\npiaowdq.exe"
- 'C:\kwlhxjfngvst\npiaowdq.exe'
- 'C:\kwlhxjfngvst\iyue33c8avjctlqadbc9t.exe'
- C:\kwlhxjfngvst\npiaowdq.exe
- C:\kwlhxjfngvst\dqknpektny.exe
- C:\kwlhxjfngvst\zqllvxlg
- %WINDIR%\kwlhxjfngvst\znxypc35s
- C:\kwlhxjfngvst\znxypc35s
- C:\kwlhxjfngvst\iyue33c8avjctlqadbc9t.exe
- C:\kwlhxjfngvst\dqknpektny.exe
- C:\kwlhxjfngvst\npiaowdq.exe
- C:\kwlhxjfngvst\iyue33c8avjctlqadbc9t.exe
- %WINDIR%\kwlhxjfngvst\znxypc35s
- 'mo####gspread.net':80
- 'st####eattempt.net':80
- 'ra####spread.net':80
- 'ra####neighbor.net':80
- 'mo####gneighbor.net':80
- 'st####eneighbor.net':80
- 'hi####yneighbor.net':80
- 'hi####ysquare.net':80
- 'hi####yattempt.net':80
- 'st####esquare.net':80
- 'tw####neighbor.net':80
- 'mi####spread.net':80
- 'mi####neighbor.net':80
- 'mi####square.net':80
- 'tw####square.net':80
- 'ra####square.net':80
- 'mo####gsquare.net':80
- 'mo####gattempt.net':80
- 'tw####spread.net':80
- 'ra####attempt.net':80
- 'cl###spread.net':80
- 'th###market.net':80
- 'cl####eighbor.net':80
- 'cl####ttempt.net':80
- 'cl###square.net':80
- 'th###beauty.net':80
- 'pr####tbeauty.net':80
- 'pr####treport.net':80
- 'pr####tmarket.net':80
- 'th###report.net':80
- 'we####rattempt.net':80
- 'am####square.net':80
- 'am####attempt.net':80
- 'st####espread.net':80
- 'hi####yspread.net':80
- 'am####spread.net':80
- 'we####rspread.net':80
- 'we####rneighbor.net':80
- 'we####rsquare.net':80
- 'am####neighbor.net':80
- 'tw####attempt.net':80
- 'th####artial.net':80
- 'cl####artial.net':80
- 'cl###strike.net':80
- 'cl####osition.net':80
- 'th###strike.net':80
- 'pr####tsquare.net':80
- 'th####eighbor.net':80
- 'th###square.net':80
- 'th####ttempt.net':80
- 'pr####tattempt.net':80
- 'am####strike.net':80
- 'we####rstrike.net':80
- 'we####rposition.net':80
- 'we####rnumber.net':80
- 'am####position.net':80
- 'cl###number.net':80
- 'th####osition.net':80
- 'th###number.net':80
- 'am####partial.net':80
- 'we####rpartial.net':80
- 'of###square.net':80
- 'al###square.net':80
- 'al####ttempt.net':80
- 'co####espread.net':80
- 'of####ttempt.net':80
- 'al###spread.net':80
- 'mi####attempt.net':80
- 'of###spread.net':80
- 'of####eighbor.net':80
- 'al####eighbor.net':80
- 'ch####ttempt.net':80
- 'co####eattempt.net':80
- 'pr####tspread.net':80
- 'pr####tneighbor.net':80
- 'th###spread.net':80
- 'co####eneighbor.net':80
- 'ch###spread.net':80
- 'ch####eighbor.net':80
- 'ch###square.net':80
- 'co####esquare.net':80
- http://mo####gspread.net/index.php?me########
- http://st####eattempt.net/index.php?me########
- http://ra####spread.net/index.php?me########
- http://ra####neighbor.net/index.php?me########
- http://mo####gneighbor.net/index.php?me########
- http://st####eneighbor.net/index.php?me########
- http://hi####yneighbor.net/index.php?me########
- http://hi####ysquare.net/index.php?me########
- http://hi####yattempt.net/index.php?me########
- http://st####esquare.net/index.php?me########
- http://tw####neighbor.net/index.php?me########
- http://mi####spread.net/index.php?me########
- http://mi####neighbor.net/index.php?me########
- http://mi####square.net/index.php?me########
- http://tw####square.net/index.php?me########
- http://ra####square.net/index.php?me########
- http://mo####gsquare.net/index.php?me########
- http://mo####gattempt.net/index.php?me########
- http://tw####spread.net/index.php?me########
- http://ra####attempt.net/index.php?me########
- http://cl###spread.net/index.php?me########
- http://th###market.net/index.php?me########
- http://cl####eighbor.net/index.php?me########
- http://cl####ttempt.net/index.php?me########
- http://cl###square.net/index.php?me########
- http://th###beauty.net/index.php?me########
- http://pr####tbeauty.net/index.php?me########
- http://pr####treport.net/index.php?me########
- http://pr####tmarket.net/index.php?me########
- http://th###report.net/index.php?me########
- http://we####rattempt.net/index.php?me########
- http://am####square.net/index.php?me########
- http://am####attempt.net/index.php?me########
- http://st####espread.net/index.php?me########
- http://hi####yspread.net/index.php?me########
- http://am####spread.net/index.php?me########
- http://we####rspread.net/index.php?me########
- http://we####rneighbor.net/index.php?me########
- http://we####rsquare.net/index.php?me########
- http://am####neighbor.net/index.php?me########
- http://tw####attempt.net/index.php?me########
- http://th####artial.net/index.php?me########
- http://cl####artial.net/index.php?me########
- http://cl###strike.net/index.php?me########
- http://cl####osition.net/index.php?me########
- http://th###strike.net/index.php?me########
- http://pr####tsquare.net/index.php?me########
- http://th####eighbor.net/index.php?me########
- http://th###square.net/index.php?me########
- http://th####ttempt.net/index.php?me########
- http://pr####tattempt.net/index.php?me########
- http://am####strike.net/index.php?me########
- http://we####rstrike.net/index.php?me########
- http://we####rposition.net/index.php?me########
- http://we####rnumber.net/index.php?me########
- http://am####position.net/index.php?me########
- http://cl###number.net/index.php?me########
- http://th####osition.net/index.php?me########
- http://th###number.net/index.php?me########
- http://am####partial.net/index.php?me########
- http://we####rpartial.net/index.php?me########
- http://of###square.net/index.php?me########
- http://al###square.net/index.php?me########
- http://al####ttempt.net/index.php?me########
- http://co####espread.net/index.php?me########
- http://of####ttempt.net/index.php?me########
- http://al###spread.net/index.php?me########
- http://mi####attempt.net/index.php?me########
- http://of###spread.net/index.php?me########
- http://of####eighbor.net/index.php?me########
- http://al####eighbor.net/index.php?me########
- http://ch####ttempt.net/index.php?me########
- http://co####eattempt.net/index.php?me########
- http://pr####tspread.net/index.php?me########
- http://pr####tneighbor.net/index.php?me########
- http://th###spread.net/index.php?me########
- http://co####eneighbor.net/index.php?me########
- http://ch###spread.net/index.php?me########
- http://ch####eighbor.net/index.php?me########
- http://ch###square.net/index.php?me########
- http://co####esquare.net/index.php?me########
- DNS ASK mo####gspread.net
- DNS ASK st####eattempt.net
- DNS ASK ra####spread.net
- DNS ASK ra####neighbor.net
- DNS ASK mo####gneighbor.net
- DNS ASK st####eneighbor.net
- DNS ASK hi####yneighbor.net
- DNS ASK hi####ysquare.net
- DNS ASK hi####yattempt.net
- DNS ASK st####esquare.net
- DNS ASK tw####neighbor.net
- DNS ASK mi####spread.net
- DNS ASK mi####neighbor.net
- DNS ASK mi####square.net
- DNS ASK tw####square.net
- DNS ASK ra####square.net
- DNS ASK mo####gsquare.net
- DNS ASK mo####gattempt.net
- DNS ASK tw####spread.net
- DNS ASK ra####attempt.net
- DNS ASK cl###spread.net
- DNS ASK th###market.net
- DNS ASK cl####eighbor.net
- DNS ASK cl####ttempt.net
- DNS ASK cl###square.net
- DNS ASK th###beauty.net
- DNS ASK pr####tbeauty.net
- DNS ASK pr####treport.net
- DNS ASK pr####tmarket.net
- DNS ASK th###report.net
- DNS ASK we####rattempt.net
- DNS ASK am####square.net
- DNS ASK am####attempt.net
- DNS ASK st####espread.net
- DNS ASK hi####yspread.net
- DNS ASK am####spread.net
- DNS ASK we####rspread.net
- DNS ASK we####rneighbor.net
- DNS ASK we####rsquare.net
- DNS ASK am####neighbor.net
- DNS ASK tw####attempt.net
- DNS ASK th####artial.net
- DNS ASK cl####artial.net
- DNS ASK cl###strike.net
- DNS ASK cl####osition.net
- DNS ASK th###strike.net
- DNS ASK pr####tsquare.net
- DNS ASK th####eighbor.net
- DNS ASK th###square.net
- DNS ASK th####ttempt.net
- DNS ASK pr####tattempt.net
- DNS ASK am####strike.net
- DNS ASK we####rstrike.net
- DNS ASK we####rposition.net
- DNS ASK we####rnumber.net
- DNS ASK am####position.net
- DNS ASK cl###number.net
- DNS ASK th####osition.net
- DNS ASK th###number.net
- DNS ASK am####partial.net
- DNS ASK we####rpartial.net
- DNS ASK of###square.net
- DNS ASK al###square.net
- DNS ASK al####ttempt.net
- DNS ASK co####espread.net
- DNS ASK of####ttempt.net
- DNS ASK al###spread.net
- DNS ASK mi####attempt.net
- DNS ASK of###spread.net
- DNS ASK of####eighbor.net
- DNS ASK al####eighbor.net
- DNS ASK ch####ttempt.net
- DNS ASK co####eattempt.net
- DNS ASK pr####tspread.net
- DNS ASK pr####tneighbor.net
- DNS ASK th###spread.net
- DNS ASK co####eneighbor.net
- DNS ASK ch###spread.net
- DNS ASK ch####eighbor.net
- DNS ASK ch###square.net
- DNS ASK co####esquare.net
- ClassName: 'Shell_TrayWnd' WindowName: ''