Technical Information
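Registry changes used for persistence (a Run-key autorun value and a service whose 'Start' value of 2 means automatic start at boot; both entries point at the same executable):
- [<HKLM>\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] 'Counter Drive Background Parental Locator' = 'C:\npklcfchoncww\hzorejhyolkk.exe'
- [<HKLM>\SYSTEM\ControlSet001\Services\Diagnostic PnP-X UPnP Audio] 'ImagePath' = 'C:\npklcfchoncww\hzorejhyolkk.exe'
- [<HKLM>\SYSTEM\ControlSet001\Services\Diagnostic PnP-X UPnP Audio] 'Start' = '00000002'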
- 'C:\npklcfchoncww\wkchokdzhnnb.exe' "c:\npklcfchoncww\hzorejhyolkk.exe"
- 'C:\npklcfchoncww\hzorejhyolkk.exe'
- 'C:\npklcfchoncww\jfh2mn4ikfiaafymq.exe'
- C:\npklcfchoncww\hzorejhyolkk.exe
- C:\npklcfchoncww\wkchokdzhnnb.exe
- C:\npklcfchoncww\jfh2mn4ikfiaafymq.exe
- %WINDIR%\npklcfchoncww\dnwfgrjg
- C:\npklcfchoncww\dnwfgrjg
- C:\npklcfchoncww\wkchokdzhnnb.exe
- C:\npklcfchoncww\hzorejhyolkk.exe
- C:\npklcfchoncww\jfh2mn4ikfiaafymq.exe
- %WINDIR%\npklcfchoncww\dnwfgrjg
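Network indicators follow: hosts contacted on port 80, then the HTTP URLs requested, then the DNS queries. The '#' characters are not valid in host names, so part of each domain appears to have been masked by the publisher; the entries cannot be used verbatim as blocklist or detection values.
- 'br####method.net':80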
- 're####method.net':80
- 'fe####direct.net':80
- 'fe####brought.net':80
- 'br####action.net':80
- 're####direct.net':80
- 'br####brought.net':80
- 're####action.net':80
- 'br####direct.net':80
- 'pr####action.net':80
- 'do####direct.net':80
- 'pr####method.net':80
- 'do####action.net':80
- 'pr####direct.net':80
- 'fe####method.net':80
- 'fe####action.net':80
- 'do####brought.net':80
- 'pr####brought.net':80
- 're####brought.net':80
- 'st####thbrought.net':80
- 'mo####ntspeak.net':80
- 'st####thaction.net':80
- 'st####thdirect.net':80
- 'ou####espeak.net':80
- 'mo####ntwrite.net':80
- 'ou####ewrite.net':80
- 'mo####ntniece.net':80
- 'ou####eniece.net':80
- 'pr####eaction.net':80
- 'de####action.net':80
- 'pr####emethod.net':80
- 'de####method.net':80
- 'pr####edirect.net':80
- 'de####brought.net':80
- 'st####thmethod.net':80
- 'de####direct.net':80
- 'pr####ebrought.net':80
- 'do####method.net':80
- 'st####thworth.net':80
- 'st###worth.net':80
- 'st####thlikely.net':80
- 'st###likely.net':80
- 'mo####ntmethod.net':80
- 'ou####eaction.net':80
- 'mo####ntdirect.net':80
- 'ou####emethod.net':80
- 'mo####ntaction.net':80
- 'de####likely.net':80
- 'pr####eworth.net':80
- 'de####glossary.net':80
- 'pr####elikely.net':80
- 'de###eworth.net':80
- 'st#####hglossary.net':80
- 'st####lossary.net':80
- 'st####thround.net':80
- 'st###round.net':80
- 'ou####edirect.net':80
- 'mi###method.net':80
- 'st###action.net':80
- 'ev####gbrought.net':80
- 'st###method.net':80
- 'mi###action.net':80
- 'st####rought.net':80
- 'mi####rought.net':80
- 'st###direct.net':80
- 'mi###direct.net':80
- 'bu####ngmethod.net':80
- 'ev####gmethod.net':80
- 'mo####ntbrought.net':80
- 'ou####ebrought.net':80
- 'bu####ngaction.net':80
- 'ev####gdirect.net':80
- 'bu####ngbrought.net':80
- 'ev####gaction.net':80
- 'bu####ngdirect.net':80
- http://br####method.net/index.php
- http://re####method.net/index.php
- http://fe####direct.net/index.php
- http://fe####brought.net/index.php
- http://br####action.net/index.php
- http://re####direct.net/index.php
- http://br####brought.net/index.php
- http://re####action.net/index.php
- http://br####direct.net/index.php
- http://pr####action.net/index.php
- http://do####direct.net/index.php
- http://pr####method.net/index.php
- http://do####action.net/index.php
- http://pr####direct.net/index.php
- http://fe####method.net/index.php
- http://fe####action.net/index.php
- http://do####brought.net/index.php
- http://pr####brought.net/index.php
- http://re####brought.net/index.php
- http://st####thbrought.net/index.php
- http://mo####ntspeak.net/index.php
- http://st####thaction.net/index.php
- http://st####thdirect.net/index.php
- http://ou####espeak.net/index.php
- http://mo####ntwrite.net/index.php
- http://ou####ewrite.net/index.php
- http://mo####ntniece.net/index.php
- http://ou####eniece.net/index.php
- http://pr####eaction.net/index.php
- http://de####action.net/index.php
- http://pr####emethod.net/index.php
- http://de####method.net/index.php
- http://pr####edirect.net/index.php
- http://de####brought.net/index.php
- http://st####thmethod.net/index.php
- http://de####direct.net/index.php
- http://pr####ebrought.net/index.php
- http://do####method.net/index.php
- http://st####thworth.net/index.php
- http://st###worth.net/index.php
- http://st####thlikely.net/index.php
- http://st###likely.net/index.php
- http://mo####ntmethod.net/index.php
- http://ou####eaction.net/index.php
- http://mo####ntdirect.net/index.php
- http://ou####emethod.net/index.php
- http://mo####ntaction.net/index.php
- http://de####likely.net/index.php
- http://pr####eworth.net/index.php
- http://de####glossary.net/index.php
- http://pr####elikely.net/index.php
- http://de###eworth.net/index.php
- http://st#####hglossary.net/index.php
- http://st####lossary.net/index.php
- http://st####thround.net/index.php
- http://st###round.net/index.php
- http://ou####edirect.net/index.php
- http://mi###method.net/index.php
- http://st###action.net/index.php
- http://ev####gbrought.net/index.php
- http://st###method.net/index.php
- http://mi###action.net/index.php
- http://st####rought.net/index.php
- http://mi####rought.net/index.php
- http://st###direct.net/index.php
- http://mi###direct.net/index.php
- http://bu####ngmethod.net/index.php
- http://ev####gmethod.net/index.php
- http://mo####ntbrought.net/index.php
- http://ou####ebrought.net/index.php
- http://bu####ngaction.net/index.php
- http://ev####gdirect.net/index.php
- http://bu####ngbrought.net/index.php
- http://ev####gaction.net/index.php
- http://bu####ngdirect.net/index.php
- DNS ASK br####method.net
- DNS ASK re####method.net
- DNS ASK fe####direct.net
- DNS ASK fe####brought.net
- DNS ASK br####action.net
- DNS ASK re####direct.net
- DNS ASK br####brought.net
- DNS ASK re####action.net
- DNS ASK br####direct.net
- DNS ASK pr####action.net
- DNS ASK do####direct.net
- DNS ASK pr####method.net
- DNS ASK do####action.net
- DNS ASK pr####direct.net
- DNS ASK fe####method.net
- DNS ASK fe####action.net
- DNS ASK do####brought.net
- DNS ASK pr####brought.net
- DNS ASK re####brought.net
- DNS ASK st####thbrought.net
- DNS ASK mo####ntspeak.net
- DNS ASK st####thaction.net
- DNS ASK st####thdirect.net
- DNS ASK ou####espeak.net
- DNS ASK mo####ntwrite.net
- DNS ASK ou####ewrite.net
- DNS ASK mo####ntniece.net
- DNS ASK ou####eniece.net
- DNS ASK pr####eaction.net
- DNS ASK de####action.net
- DNS ASK pr####emethod.net
- DNS ASK de####method.net
- DNS ASK pr####edirect.net
- DNS ASK de####brought.net
- DNS ASK st####thmethod.net
- DNS ASK de####direct.net
- DNS ASK pr####ebrought.net
- DNS ASK do####method.net
- DNS ASK st####thworth.net
- DNS ASK st###worth.net
- DNS ASK st####thlikely.net
- DNS ASK st###likely.net
- DNS ASK mo####ntmethod.net
- DNS ASK ou####eaction.net
- DNS ASK mo####ntdirect.net
- DNS ASK ou####emethod.net
- DNS ASK mo####ntaction.net
- DNS ASK de####likely.net
- DNS ASK pr####eworth.net
- DNS ASK de####glossary.net
- DNS ASK pr####elikely.net
- DNS ASK de###eworth.net
- DNS ASK st#####hglossary.net
- DNS ASK st####lossary.net
- DNS ASK st####thround.net
- DNS ASK st###round.net
- DNS ASK ou####edirect.net
- DNS ASK mi###method.net
- DNS ASK st###action.net
- DNS ASK ev####gbrought.net
- DNS ASK st###method.net
- DNS ASK mi###action.net
- DNS ASK st####rought.net
- DNS ASK mi####rought.net
- DNS ASK st###direct.net
- DNS ASK mi###direct.net
- DNS ASK bu####ngmethod.net
- DNS ASK ev####gmethod.net
- DNS ASK mo####ntbrought.net
- DNS ASK ou####ebrought.net
- DNS ASK bu####ngaction.net
- DNS ASK ev####gdirect.net
- DNS ASK bu####ngbrought.net
- DNS ASK ev####gaction.net
- DNS ASK bu####ngdirect.net
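Window referenced by the sample ('Shell_TrayWnd' is the class name of the Windows taskbar; the page does not state what the sample does with it):
- ClassName: 'Shell_TrayWnd' WindowName: ''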