Technical Information
- Autorun persistence (a value under the HKLM Run key launches the executable at every user logon): [<HKLM>\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] 'Shadow Windows Fax WWAN Initiator' = 'C:\ddhhdhh\erdazfgb.exe'
- Service registration ('Start' = 2 is the automatic start type, so the service is started at boot): [<HKLM>\SYSTEM\ControlSet001\Services\List Netlogon Parental Tracking WWAN] 'Start' = '00000002'
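- Command lines as recorded (here the first executable is given the path of the second as its argument): 'C:\ddhhdhh\yvhagcfvhhhr.exe' "c:\ddhhdhh\erdazfgb.exe"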
- 'C:\ddhhdhh\erdazfgb.exe'
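- File system paths (several repeat below; the sub-headings that told the groups apart are missing from this page, so the operation behind each entry cannot be determined from the list itself):
- C:\ddhhdhh\yvhagcfvhhhr.exe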
- C:\ddhhdhh\fz1kwsa1pvfp
- C:\ddhhdhh\erdazfgb.exe
- %WINDIR%\ddhhdhh\xkhgenba2dvr
- C:\ddhhdhh\xkhgenba2dvr
- C:\ddhhdhh\yvhagcfvhhhr.exe
- C:\ddhhdhh\erdazfgb.exe
- %WINDIR%\ddhhdhh\xkhgenba2dvr
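- Network connections, given as 'host':port. The '#' characters mask part of each domain name, so these entries are partial patterns and cannot be used as exact-match indicators. The visible name endings repeat a small set of words (enough, needle, govern, nature, further, cover, become, company), which suggests generated names rather than a fixed server list; this is an inference from the list, not a statement in the source:
- 'cl###enough.net':80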
- 'th###enough.net':80
- 'cl###needle.net':80
- 'th###govern.net':80
- 'pr####tfurther.net':80
- 'th####urther.net':80
- 'cl###govern.net':80
- 'th###needle.net':80
- 'we####renough.net':80
- 'am####enough.net':80
- 'we####rneedle.net':80
- 'am####govern.net':80
- 'cl###nature.net':80
- 'th###nature.net':80
- 'we####rgovern.net':80
- 'th###cover.net':80
- 'co####ebecome.net':80
- 'ch###become.net':80
- 'co####ecover.net':80
- 'ch####ompany.net':80
- 'al####urther.net':80
- 'of####urther.net':80
- 'co####ecompany.net':80
- 'ch###cover.net':80
- 'pr####tbecome.net':80
- 'th###become.net':80
- 'pr####tcover.net':80
- 'th####ompany.net':80
- 'co####efurther.net':80
- 'ch####urther.net':80
- 'pr####tcompany.net':80
- 'mi####govern.net':80
- 'tw####enough.net':80
- 'mi####enough.net':80
- 'tw####govern.net':80
- 'ra####needle.net':80
- 'mo####gnature.net':80
- 'ra####nature.net':80
- 'tw####needle.net':80
- 'of###govern.net':80
- 'al###enough.net':80
- 'of###enough.net':80
- 'al###govern.net':80
- 'mi####needle.net':80
- 'tw####nature.net':80
- 'mi####nature.net':80
- 'mo####gneedle.net':80
- 'st####egovern.net':80
- 'hi####yenough.net':80
- 'st####eenough.net':80
- 'hi####ygovern.net':80
- 'am####needle.net':80
- 'we####rnature.net':80
- 'am####nature.net':80
- 'hi####yneedle.net':80
- 'ra####govern.net':80
- 'mo####genough.net':80
- 'ra####enough.net':80
- 'mo####ggovern.net':80
- 'st####eneedle.net':80
- 'hi####ynature.net':80
- 'st####enature.net':80
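- HTTP requests (unencrypted HTTP to /index.php on each host; the query string is masked in the same way as the domain names):
- http://cl###enough.net/index.php?me########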
- http://th###enough.net/index.php?me########
- http://cl###needle.net/index.php?me########
- http://th###govern.net/index.php?me########
- http://pr####tfurther.net/index.php?me########
- http://th####urther.net/index.php?me########
- http://cl###govern.net/index.php?me########
- http://th###needle.net/index.php?me########
- http://we####renough.net/index.php?me########
- http://am####enough.net/index.php?me########
- http://we####rneedle.net/index.php?me########
- http://am####govern.net/index.php?me########
- http://cl###nature.net/index.php?me########
- http://th###nature.net/index.php?me########
- http://we####rgovern.net/index.php?me########
- http://th###cover.net/index.php?me########
- http://co####ebecome.net/index.php?me########
- http://ch###become.net/index.php?me########
- http://co####ecover.net/index.php?me########
- http://ch####ompany.net/index.php?me########
- http://al####urther.net/index.php?me########
- http://of####urther.net/index.php?me########
- http://co####ecompany.net/index.php?me########
- http://ch###cover.net/index.php?me########
- http://pr####tbecome.net/index.php?me########
- http://th###become.net/index.php?me########
- http://pr####tcover.net/index.php?me########
- http://th####ompany.net/index.php?me########
- http://co####efurther.net/index.php?me########
- http://ch####urther.net/index.php?me########
- http://pr####tcompany.net/index.php?me########
- http://mi####govern.net/index.php?me########
- http://tw####enough.net/index.php?me########
- http://mi####enough.net/index.php?me########
- http://tw####govern.net/index.php?me########
- http://ra####needle.net/index.php?me########
- http://mo####gnature.net/index.php?me########
- http://ra####nature.net/index.php?me########
- http://tw####needle.net/index.php?me########
- http://of###govern.net/index.php?me########
- http://al###enough.net/index.php?me########
- http://of###enough.net/index.php?me########
- http://al###govern.net/index.php?me########
- http://mi####needle.net/index.php?me########
- http://tw####nature.net/index.php?me########
- http://mi####nature.net/index.php?me########
- http://mo####gneedle.net/index.php?me########
- http://st####egovern.net/index.php?me########
- http://hi####yenough.net/index.php?me########
- http://st####eenough.net/index.php?me########
- http://hi####ygovern.net/index.php?me########
- http://am####needle.net/index.php?me########
- http://we####rnature.net/index.php?me########
- http://am####nature.net/index.php?me########
- http://hi####yneedle.net/index.php?me########
- http://ra####govern.net/index.php?me########
- http://mo####genough.net/index.php?me########
- http://ra####enough.net/index.php?me########
- http://mo####ggovern.net/index.php?me########
- http://st####eneedle.net/index.php?me########
- http://hi####ynature.net/index.php?me########
- http://st####enature.net/index.php?me########
- DNS queries ("DNS ASK" marks a name lookup issued by the sample; the names are masked as above):
- DNS ASK th###govern.net
- DNS ASK cl###enough.net
- DNS ASK th###enough.net
- DNS ASK cl###govern.net
- DNS ASK th###cover.net
- DNS ASK pr####tfurther.net
- DNS ASK th####urther.net
- DNS ASK cl###needle.net
- DNS ASK am####govern.net
- DNS ASK we####renough.net
- DNS ASK am####enough.net
- DNS ASK we####rgovern.net
- DNS ASK th###needle.net
- DNS ASK cl###nature.net
- DNS ASK th###nature.net
- DNS ASK pr####tcover.net
- DNS ASK ch####ompany.net
- DNS ASK co####ebecome.net
- DNS ASK ch###become.net
- DNS ASK co####ecompany.net
- DNS ASK of###cover.net
- DNS ASK al####urther.net
- DNS ASK of####urther.net
- DNS ASK co####ecover.net
- DNS ASK th####ompany.net
- DNS ASK pr####tbecome.net
- DNS ASK th###become.net
- DNS ASK pr####tcompany.net
- DNS ASK ch###cover.net
- DNS ASK co####efurther.net
- DNS ASK ch####urther.net
- DNS ASK we####rneedle.net
- DNS ASK mi####govern.net
- DNS ASK tw####enough.net
- DNS ASK mi####enough.net
- DNS ASK tw####govern.net
- DNS ASK ra####needle.net
- DNS ASK mo####gnature.net
- DNS ASK ra####nature.net
- DNS ASK tw####needle.net
- DNS ASK of###govern.net
- DNS ASK al###enough.net
- DNS ASK of###enough.net
- DNS ASK al###govern.net
- DNS ASK mi####needle.net
- DNS ASK tw####nature.net
- DNS ASK mi####nature.net
- DNS ASK mo####gneedle.net
- DNS ASK st####egovern.net
- DNS ASK hi####yenough.net
- DNS ASK st####eenough.net
- DNS ASK hi####ygovern.net
- DNS ASK am####needle.net
- DNS ASK we####rnature.net
- DNS ASK am####nature.net
- DNS ASK hi####yneedle.net
- DNS ASK ra####govern.net
- DNS ASK mo####genough.net
- DNS ASK ra####enough.net
- DNS ASK mo####ggovern.net
- DNS ASK st####eneedle.net
- DNS ASK hi####ynature.net
- DNS ASK st####enature.net