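Technical Information
Note: the entries below are bare indicators; the report's section headings appear to have been lost, so each group is identified here by its form only.
- Registry: the first two entries are registry values, an autorun entry under the HKLM Run key and a service whose 'Start' value is 2 (automatic start).
- Processes and files: the quoted and unquoted C:\wjuhjbuujkmnd\ and %WINDIR%\wjuhjbuujkmnd\ paths are process and file-system activity. The same files are listed several times, presumably under different headings (created, modified, deleted) that cannot be recovered from this text.
- Network: the 'host':80 entries, the http:// URLs and the "DNS ASK" lines are network activity. Host names and the query string are partially masked with '#', so they cannot be used as exact-match indicators. The many similar two-word .net names are consistent with generated domains; this is an inference from the list, not something the report states.
- Window: the final entry is a window class name.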
- [<HKLM>\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] 'Search Font Propagation Brightness' = 'C:\wjuhjbuujkmnd\iprdthsij.exe'
- [<HKLM>\SYSTEM\ControlSet001\Services\Layer Secure Virtual Session CardSpace] 'Start' = '00000002'
- 'C:\wjuhjbuujkmnd\ehvydgltrzyc.exe' "c:\wjuhjbuujkmnd\iprdthsij.exe"
- 'C:\wjuhjbuujkmnd\iprdthsij.exe'
- 'C:\wjuhjbuujkmnd\anmu2r2uo91wdtp1q.exe'
- C:\wjuhjbuujkmnd\iprdthsij.exe
- C:\wjuhjbuujkmnd\ehvydgltrzyc.exe
- C:\wjuhjbuujkmnd\rtommghnhw
- %WINDIR%\wjuhjbuujkmnd\kjuwqhjqr7
- C:\wjuhjbuujkmnd\kjuwqhjqr7
- C:\wjuhjbuujkmnd\anmu2r2uo91wdtp1q.exe
- C:\wjuhjbuujkmnd\ehvydgltrzyc.exe
- C:\wjuhjbuujkmnd\iprdthsij.exe
- C:\wjuhjbuujkmnd\anmu2r2uo91wdtp1q.exe
- %WINDIR%\wjuhjbuujkmnd\kjuwqhjqr7
- 'ca####nbright.net':80
- 'la###bright.net':80
- 'ca####nexplain.net':80
- 'la###inside.net':80
- 'el####icinstead.net':80
- 're####instead.net':80
- 'ca####ninside.net':80
- 'la####xplain.net':80
- 'de####bright.net':80
- 'ni###bright.net':80
- 'de####explain.net':80
- 'ni###inside.net':80
- 'ca####ninstead.net':80
- 'la####nstead.net':80
- 'de####inside.net':80
- 're####explain.net':80
- 'tr###bright.net':80
- 'st####bright.net':80
- 'tr####xplain.net':80
- 'st####inside.net':80
- 'ga####instead.net':80
- 'be####instead.net':80
- 'tr###inside.net':80
- 'st####explain.net':80
- 'el####icbright.net':80
- 're####bright.net':80
- 'el####icexplain.net':80
- 're####inside.net':80
- 'tr####nstead.net':80
- 'st####instead.net':80
- 'el####icinside.net':80
- 'fl###appear.net':80
- 'br####usiness.net':80
- 'fl####usiness.net':80
- 'br###appear.net':80
- 'qu####nother.net':80
- 'se####manner.net':80
- 'qu###manner.net':80
- 'br####nother.net':80
- 'be####appear.net':80
- 'ga####business.net':80
- 'be####business.net':80
- 'ga####appear.net':80
- 'fl####nother.net':80
- 'br###manner.net':80
- 'fl###manner.net':80
- 'se####another.net':80
- 'ag####tinside.net':80
- 'do###bright.net':80
- 'ag####tbright.net':80
- 'do###inside.net':80
- 'ni####xplain.net':80
- 'de####instead.net':80
- 'ni####nstead.net':80
- 'do####xplain.net':80
- 'qu###appear.net':80
- 'se####business.net':80
- 'qu####usiness.net':80
- 'se####appear.net':80
- 'ag####texplain.net':80
- 'do####nstead.net':80
- 'ag####tinstead.net':80
- http://ca####nbright.net/index.php?me########
- http://la###bright.net/index.php?me########
- http://ca####nexplain.net/index.php?me########
- http://la###inside.net/index.php?me########
- http://el####icinstead.net/index.php?me########
- http://re####instead.net/index.php?me########
- http://ca####ninside.net/index.php?me########
- http://la####xplain.net/index.php?me########
- http://de####bright.net/index.php?me########
- http://ni###bright.net/index.php?me########
- http://de####explain.net/index.php?me########
- http://ni###inside.net/index.php?me########
- http://ca####ninstead.net/index.php?me########
- http://la####nstead.net/index.php?me########
- http://de####inside.net/index.php?me########
- http://re####explain.net/index.php?me########
- http://tr###bright.net/index.php?me########
- http://st####bright.net/index.php?me########
- http://tr####xplain.net/index.php?me########
- http://st####inside.net/index.php?me########
- http://ga####instead.net/index.php?me########
- http://be####instead.net/index.php?me########
- http://tr###inside.net/index.php?me########
- http://st####explain.net/index.php?me########
- http://el####icbright.net/index.php?me########
- http://re####bright.net/index.php?me########
- http://el####icexplain.net/index.php?me########
- http://re####inside.net/index.php?me########
- http://tr####nstead.net/index.php?me########
- http://st####instead.net/index.php?me########
- http://el####icinside.net/index.php?me########
- http://fl###appear.net/index.php?me########
- http://br####usiness.net/index.php?me########
- http://fl####usiness.net/index.php?me########
- http://br###appear.net/index.php?me########
- http://qu####nother.net/index.php?me########
- http://se####manner.net/index.php?me########
- http://qu###manner.net/index.php?me########
- http://br####nother.net/index.php?me########
- http://be####appear.net/index.php?me########
- http://ga####business.net/index.php?me########
- http://be####business.net/index.php?me########
- http://ga####appear.net/index.php?me########
- http://fl####nother.net/index.php?me########
- http://br###manner.net/index.php?me########
- http://fl###manner.net/index.php?me########
- http://se####another.net/index.php?me########
- http://ag####tinside.net/index.php?me########
- http://do###bright.net/index.php?me########
- http://ag####tbright.net/index.php?me########
- http://do###inside.net/index.php?me########
- http://ni####xplain.net/index.php?me########
- http://de####instead.net/index.php?me########
- http://ni####nstead.net/index.php?me########
- http://do####xplain.net/index.php?me########
- http://qu###appear.net/index.php?me########
- http://se####business.net/index.php?me########
- http://qu####usiness.net/index.php?me########
- http://se####appear.net/index.php?me########
- http://ag####texplain.net/index.php?me########
- http://do####nstead.net/index.php?me########
- http://ag####tinstead.net/index.php?me########
- DNS ASK la###inside.net
- DNS ASK ca####nbright.net
- DNS ASK la###bright.net
- DNS ASK ca####ninside.net
- DNS ASK re####explain.net
- DNS ASK el####icinstead.net
- DNS ASK re####instead.net
- DNS ASK ca####nexplain.net
- DNS ASK ni###inside.net
- DNS ASK de####bright.net
- DNS ASK ni###bright.net
- DNS ASK de####inside.net
- DNS ASK la####xplain.net
- DNS ASK ca####ninstead.net
- DNS ASK la####nstead.net
- DNS ASK el####icexplain.net
- DNS ASK st####inside.net
- DNS ASK tr###bright.net
- DNS ASK st####bright.net
- DNS ASK tr###inside.net
- DNS ASK be####explain.net
- DNS ASK ga####instead.net
- DNS ASK be####instead.net
- DNS ASK tr####xplain.net
- DNS ASK re####inside.net
- DNS ASK el####icbright.net
- DNS ASK re####bright.net
- DNS ASK el####icinside.net
- DNS ASK st####explain.net
- DNS ASK tr####nstead.net
- DNS ASK st####instead.net
- DNS ASK de####explain.net
- DNS ASK fl###appear.net
- DNS ASK br####usiness.net
- DNS ASK fl####usiness.net
- DNS ASK br###appear.net
- DNS ASK qu####nother.net
- DNS ASK se####manner.net
- DNS ASK qu###manner.net
- DNS ASK br####nother.net
- DNS ASK be####appear.net
- DNS ASK ga####business.net
- DNS ASK be####business.net
- DNS ASK ga####appear.net
- DNS ASK fl####nother.net
- DNS ASK br###manner.net
- DNS ASK fl###manner.net
- DNS ASK se####another.net
- DNS ASK ag####tinside.net
- DNS ASK do###bright.net
- DNS ASK ag####tbright.net
- DNS ASK do###inside.net
- DNS ASK ni####xplain.net
- DNS ASK de####instead.net
- DNS ASK ni####nstead.net
- DNS ASK do####xplain.net
- DNS ASK qu###appear.net
- DNS ASK se####business.net
- DNS ASK qu####usiness.net
- DNS ASK se####appear.net
- DNS ASK ag####texplain.net
- DNS ASK do####nstead.net
- DNS ASK ag####tinstead.net
- ClassName: 'Shell_TrayWnd' WindowName: ''