Technical Information
- [<HKLM>\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] 'CNG Encryption Plug Connection Call' = 'C:\avxqunjvjgug\dvlqeatddab.exe' (Run key value: the listed executable is launched at every user logon)
- [<HKLM>\SYSTEM\ControlSet001\Services\Internet Error Reporting Auto] 'Start' = '00000002' (a service Start value of 2 means the service starts automatically at boot)
- 'C:\avxqunjvjgug\hzbqwvbxj.exe' "c:\avxqunjvjgug\dvlqeatddab.exe"
- 'C:\avxqunjvjgug\dvlqeatddab.exe'
- 'C:\avxqunjvjgug\ir1jr3nprlqmf5wktwgizb.exe'
- C:\avxqunjvjgug\dvlqeatddab.exe
- C:\avxqunjvjgug\hzbqwvbxj.exe
- C:\avxqunjvjgug\ay2yozzlzte
- %WINDIR%\avxqunjvjgug\qlinp15ey6gc
- C:\avxqunjvjgug\qlinp15ey6gc
- C:\avxqunjvjgug\ir1jr3nprlqmf5wktwgizb.exe
- C:\avxqunjvjgug\hzbqwvbxj.exe
- C:\avxqunjvjgug\dvlqeatddab.exe
- C:\avxqunjvjgug\ir1jr3nprlqmf5wktwgizb.exe
- %WINDIR%\avxqunjvjgug\qlinp15ey6gc
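- 'be###rmayor.net':80 (the '#' characters appear to be masking applied by the report's publisher, here and in the URL and DNS entries below; the full hostnames are not given on this page)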
- 'ga####perfect.net':80
- 'be####battle.net':80
- 'ga###rmayor.net':80
- 'be###rheart.net':80
- 'tr###battle.net':80
- 'be####perfect.net':80
- 'ga###rheart.net':80
- 'fl###mayor.net':80
- 'br####erfect.net':80
- 'fl###battle.net':80
- 'br###mayor.net':80
- 'fl###heart.net':80
- 'ga####battle.net':80
- 'fl####erfect.net':80
- 'br###heart.net':80
- 'st####battle.net':80
- 'el####icperfect.net':80
- 're####perfect.net':80
- 'el####icmayor.net':80
- 're###dmayor.net':80
- 'ca####nbattle.net':80
- 'la###battle.net':80
- 'el####icheart.net':80
- 're###dheart.net':80
- 'tr####erfect.net':80
- 'st####perfect.net':80
- 'tr###mayor.net':80
- 'st###tmayor.net':80
- 'el####icbattle.net':80
- 're####battle.net':80
- 'tr###heart.net':80
- 'st###theart.net':80
- http://be###rmayor.net/index.php
- http://ga####perfect.net/index.php
- http://be####battle.net/index.php
- http://ga###rmayor.net/index.php
- http://be###rheart.net/index.php
- http://tr###battle.net/index.php
- http://be####perfect.net/index.php
- http://ga###rheart.net/index.php
- http://fl###mayor.net/index.php
- http://br####erfect.net/index.php
- http://fl###battle.net/index.php
- http://br###mayor.net/index.php
- http://fl###heart.net/index.php
- http://ga####battle.net/index.php
- http://fl####erfect.net/index.php
- http://br###heart.net/index.php
- http://st####battle.net/index.php
- http://el####icperfect.net/index.php
- http://re####perfect.net/index.php
- http://el####icmayor.net/index.php
- http://re###dmayor.net/index.php
- http://ca####nbattle.net/index.php
- http://la###battle.net/index.php
- http://el####icheart.net/index.php
- http://re###dheart.net/index.php
- http://tr####erfect.net/index.php
- http://st####perfect.net/index.php
- http://tr###mayor.net/index.php
- http://st###tmayor.net/index.php
- http://el####icbattle.net/index.php
- http://re####battle.net/index.php
- http://tr###heart.net/index.php
- http://st###theart.net/index.php
- DNS ASK be###rmayor.net
- DNS ASK ga####perfect.net
- DNS ASK be####battle.net
- DNS ASK ga###rmayor.net
- DNS ASK be###rheart.net
- DNS ASK tr###battle.net
- DNS ASK be####perfect.net
- DNS ASK ga###rheart.net
- DNS ASK ga####battle.net
- DNS ASK br###mayor.net
- DNS ASK fl###mayor.net
- DNS ASK br###battle.net
- DNS ASK fl###battle.net
- DNS ASK br###heart.net
- DNS ASK fl###heart.net
- DNS ASK br####erfect.net
- DNS ASK fl####erfect.net
- DNS ASK el####icperfect.net
- DNS ASK re####perfect.net
- DNS ASK el####icmayor.net
- DNS ASK re###dmayor.net
- DNS ASK ca####nbattle.net
- DNS ASK la###battle.net
- DNS ASK el####icheart.net
- DNS ASK re###dheart.net
- DNS ASK re####battle.net
- DNS ASK st###tmayor.net
- DNS ASK tr####erfect.net
- DNS ASK st####battle.net
- DNS ASK tr###mayor.net
- DNS ASK st###theart.net
- DNS ASK el####icbattle.net
- DNS ASK st####perfect.net
- DNS ASK tr###heart.net
- ClassName: 'Shell_TrayWnd' WindowName: ''