Technical Information
- [HKLM\System\CurrentControlSet\Services\Server Initiator DHCP Debugger] 'Start' = '00000002'
- [HKLM\System\CurrentControlSet\Services\Server Initiator DHCP Debugger] 'ImagePath' = 'C:\helrrxxyrxmppnn\aoxsaykytfn.exe'
- 'Server Initiator DHCP Debugger' C:\helrrxxyrxmppnn\aoxsaykytfn.exe
- %WINDIR%\helrrxxyrxmppnn\oym5yamsp1r
- C:\helrrxxyrxmppnn\oym5yamsp1r
- C:\helrrxxyrxmppnn\aw1jq5bbpebwqkliimle.exe
- C:\helrrxxyrxmppnn\aoxsaykytfn.exe
- C:\helrrxxyrxmppnn\lxugwbfrq.exe
- C:\helrrxxyrxmppnn\zqzgdqiac
- C:\helrrxxyrxmppnn\aoxsaykytfn.exe
- C:\helrrxxyrxmppnn\lxugwbfrq.exe
- %WINDIR%\helrrxxyrxmppnn\oym5yamsp1r
- C:\helrrxxyrxmppnn\aw1jq5bbpebwqkliimle.exe
- %WINDIR%\helrrxxyrxmppnn\oym5yamsp1r
- 'en####hlanguage.net':80
- 'ex####success.net':80
- 'pe####success.net':80
- 'fa###yfound.net':80
- 'fa####success.net':80
- 'en####hfound.net':80
- http://en####hlanguage.net/index.php
- http://ex####success.net/index.php
- http://pe####success.net/index.php
- http://fa###yfound.net/index.php
- http://fa####success.net/index.php
- http://en####hfound.net/index.php
- DNS ASK ch####ensettle.net
- DNS ASK pi####esuccess.net
- DNS ASK ci####ttespring.net
- DNS ASK pi####espring.net
- DNS ASK ci####ttefound.net
- DNS ASK pi####efound.net
- DNS ASK th####banker.net
- DNS ASK fi####banker.net
- DNS ASK th####success.net
- DNS ASK fi####success.net
- DNS ASK th####spring.net
- DNS ASK fi####spring.net
- DNS ASK th###hfound.net
- DNS ASK fi###efound.net
- DNS ASK ri###banker.net
- DNS ASK wh####rbanker.net
- DNS ASK ri####uccess.net
- DNS ASK wh####rsuccess.net
- DNS ASK ci#####tesuccess.net
- DNS ASK pi####ebanker.net
- DNS ASK ci####ttebanker.net
- DNS ASK ch####enfound.net
- DNS ASK ex####straight.net
- DNS ASK be####eairplane.net
- DNS ASK ex####airplane.net
- DNS ASK en####hbanker.net
- DNS ASK ei####banker.net
- DNS ASK en####hsuccess.net
- DNS ASK ei####success.net
- DNS ASK en####hspring.net
- DNS ASK en####hfound.net
- DNS ASK ei####spring.net
- DNS ASK ei###rfound.net
- DNS ASK fa####banker.net
- DNS ASK ch####enbanker.net
- DNS ASK fa####success.net
- DNS ASK ch####ensuccess.net
- DNS ASK fa####spring.net
- DNS ASK ch####enspring.net
- DNS ASK fa###yfound.net
- DNS ASK be####estraight.net
- DNS ASK ri###spring.net
- DNS ASK wh####rspring.net
- DNS ASK ri###found.net
- DNS ASK be####efound.net
- DNS ASK ex###tfound.net
- DNS ASK en####hbefore.net
- DNS ASK ei####before.net
- DNS ASK en####hdevice.net
- DNS ASK ei####device.net
- DNS ASK en####hlanguage.net
- DNS ASK ei####language.net
- DNS ASK en####hsettle.net
- DNS ASK ei####settle.net
- DNS ASK fa####before.net
- DNS ASK ch####enbefore.net
- DNS ASK fa####device.net
- DNS ASK ch####endevice.net
- DNS ASK fa####language.net
- DNS ASK ch#####nlanguage.net
- DNS ASK fa####settle.net
- DNS ASK ex####spring.net
- DNS ASK be####espring.net
- DNS ASK ex####success.net
- DNS ASK be####esuccess.net
- DNS ASK fo####nbanker.net
- DNS ASK su####banker.net
- DNS ASK fo####nsuccess.net
- DNS ASK su####success.net
- DNS ASK fo####nspring.net
- DNS ASK su####spring.net
- DNS ASK fo####nfound.net
- DNS ASK su###nfound.net
- DNS ASK pe####banker.net
- DNS ASK ma####ebanker.net
- DNS ASK ma####esuccess.net
- DNS ASK pe####success.net
- DNS ASK ma####espring.net
- DNS ASK pe####spring.net
- DNS ASK ma####efound.net
- DNS ASK pe###nfound.net
- DNS ASK be####ebanker.net
- DNS ASK ex####banker.net
- DNS ASK wh####rfound.net
- DNS ASK ex###tguard.net
- 'C:\helrrxxyrxmppnn\aw1jq5bbpebwqkliimle.exe'
- 'C:\helrrxxyrxmppnn\aoxsaykytfn.exe'
- 'C:\helrrxxyrxmppnn\lxugwbfrq.exe' "c:\helrrxxyrxmppnn\aoxsaykytfn.exe"