Technical Information
Registry changes (autostart persistence: a Run value and a service with 'Start' = 2, i.e. automatic start, both pointing at the same executable):
- [<HKLM>\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] 'Network Accounts Process Shell' = 'C:\brouzgxvmocust\ylgathgxgj.exe'
- [<HKLM>\SYSTEM\ControlSet001\Services\Trap Performance DCOM Health Connection] 'ImagePath' = 'C:\brouzgxvmocust\ylgathgxgj.exe'
- [<HKLM>\SYSTEM\ControlSet001\Services\Trap Performance DCOM Health Connection] 'Start' = '00000002'
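Process activity (executable paths and command lines; the original section label is missing from this page, presumably "executes the following"):
- 'C:\brouzgxvmocust\wjwtgcfex.exe' "c:\brouzgxvmocust\ylgathgxgj.exe"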
- 'C:\brouzgxvmocust\ylgathgxgj.exe'
- 'C:\brouzgxvmocust\vwfks2ei5mteiqlk1.exe'
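File system activity (two groups of paths follow; which action applies to each group, e.g. created or deleted, is not stated on this page):
- C:\brouzgxvmocust\ylgathgxgj.exe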
- C:\brouzgxvmocust\wjwtgcfex.exe
- C:\brouzgxvmocust\vwfks2ei5mteiqlk1.exe
- %WINDIR%\brouzgxvmocust\ibhblarq9
- C:\brouzgxvmocust\ibhblarq9
- C:\brouzgxvmocust\wjwtgcfex.exe
- C:\brouzgxvmocust\ylgathgxgj.exe
- C:\brouzgxvmocust\vwfks2ei5mteiqlk1.exe
- %WINDIR%\brouzgxvmocust\ibhblarq9
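Network activity, TCP connections (host:port; '#' appears to mark characters masked in the published hostnames, so these entries cannot be used as exact-match indicators):
- 'su####manner.net':80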
- 'cr###manner.net':80
- 'kn###appear.net':80
- 'kn####usiness.net':80
- 'be###appear.net':80
- 'su####another.net':80
- 'su####appear.net':80
- 'cr###appear.net':80
- 'cr####usiness.net':80
- 'cr####nother.net':80
- 'su####business.net':80
- 'be####usiness.net':80
- 'fo####business.net':80
- 'me####business.net':80
- 'me####another.net':80
- 'me####manner.net':80
- 'fo####another.net':80
- 'fo####appear.net':80
- 'be####nother.net':80
- 'kn####nother.net':80
- 'kn###manner.net':80
- 'me####appear.net':80
- 'be###manner.net':80
- 'th####tmanner.net':80
- 'pa###manner.net':80
- 'fi###manner.net':80
- 'sm###appear.net':80
- 'sm####usiness.net':80
- 'wo###appear.net':80
- 'pa####nother.net':80
- 'pa###appear.net':80
- 'fi###appear.net':80
- 'fi####usiness.net':80
- 'fi####nother.net':80
- 'pa####usiness.net':80
- 'wo####usiness.net':80
- 'th####tbusiness.net':80
- 'wa####usiness.net':80
- 'wa####nother.net':80
- 'wa###manner.net':80
- 'th####tanother.net':80
- 'th####tappear.net':80
- 'wo####nother.net':80
- 'sm####nother.net':80
- 'sm###manner.net':80
- 'wa###appear.net':80
- 'wo###manner.net':80
- 'fo####manner.net':80
- 'wo###stream.net':80
- 'sm###stream.net':80
- 'wa###divide.net':80
- 'wa###bottle.net':80
- 'th####tdivide.net':80
- 'wo####othing.net':80
- 'wo###divide.net':80
- 'sm###divide.net':80
- 'sm###bottle.net':80
- 'sm####othing.net':80
- 'wo###bottle.net':80
- 'th####tbottle.net':80
- 'su####bottle.net':80
- 'cr###bottle.net':80
- 'cr####othing.net':80
- 'cr###stream.net':80
- 'su####nothing.net':80
- 'su####divide.net':80
- 'th####tnothing.net':80
- 'wa####othing.net':80
- 'wa###stream.net':80
- 'cr###divide.net':80
- 'th####tstream.net':80
- 'pa###stream.net':80
- 'ge####manmanner.net':80
- 'al####ymanner.net':80
- 'ex#####nceappear.net':80
- 'ex#####ncebusiness.net':80
- 'fr###appear.net':80
- 'ge#####ananother.net':80
- 'ge####manappear.net':80
- 'al####yappear.net':80
- 'al####ybusiness.net':80
- 'al####yanother.net':80
- 'ge#####anbusiness.net':80
- 'fr####usiness.net':80
- 'pa###bottle.net':80
- 'fi###bottle.net':80
- 'fi####othing.net':80
- 'fi###stream.net':80
- 'pa####othing.net':80
- 'pa###divide.net':80
- 'fr####nother.net':80
- 'ex#####nceanother.net':80
- 'ex#####ncemanner.net':80
- 'fi###divide.net':80
- 'fr###manner.net':80
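HTTP requests (each to /index.php over plain HTTP, on the same masked hostnames as the TCP connections):
- http://su####manner.net/index.php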
- http://cr###manner.net/index.php
- http://kn###appear.net/index.php
- http://kn####usiness.net/index.php
- http://be###appear.net/index.php
- http://su####another.net/index.php
- http://su####appear.net/index.php
- http://cr###appear.net/index.php
- http://cr####usiness.net/index.php
- http://cr####nother.net/index.php
- http://su####business.net/index.php
- http://be####usiness.net/index.php
- http://fo####business.net/index.php
- http://me####business.net/index.php
- http://me####another.net/index.php
- http://me####manner.net/index.php
- http://fo####another.net/index.php
- http://fo####appear.net/index.php
- http://be####nother.net/index.php
- http://kn####nother.net/index.php
- http://kn###manner.net/index.php
- http://me####appear.net/index.php
- http://be###manner.net/index.php
- http://th####tmanner.net/index.php
- http://pa###manner.net/index.php
- http://fi###manner.net/index.php
- http://sm###appear.net/index.php
- http://sm####usiness.net/index.php
- http://wo###appear.net/index.php
- http://pa####nother.net/index.php
- http://pa###appear.net/index.php
- http://fi###appear.net/index.php
- http://fi####usiness.net/index.php
- http://fi####nother.net/index.php
- http://pa####usiness.net/index.php
- http://wo####usiness.net/index.php
- http://th####tbusiness.net/index.php
- http://wa####usiness.net/index.php
- http://wa####nother.net/index.php
- http://wa###manner.net/index.php
- http://th####tanother.net/index.php
- http://th####tappear.net/index.php
- http://wo####nother.net/index.php
- http://sm####nother.net/index.php
- http://sm###manner.net/index.php
- http://wa###appear.net/index.php
- http://wo###manner.net/index.php
- http://fo####manner.net/index.php
- http://wo###stream.net/index.php
- http://sm###stream.net/index.php
- http://wa###divide.net/index.php
- http://wa###bottle.net/index.php
- http://th####tdivide.net/index.php
- http://wo####othing.net/index.php
- http://wo###divide.net/index.php
- http://sm###divide.net/index.php
- http://sm###bottle.net/index.php
- http://sm####othing.net/index.php
- http://wo###bottle.net/index.php
- http://th####tbottle.net/index.php
- http://su####bottle.net/index.php
- http://cr###bottle.net/index.php
- http://cr####othing.net/index.php
- http://cr###stream.net/index.php
- http://su####nothing.net/index.php
- http://su####divide.net/index.php
- http://th####tnothing.net/index.php
- http://wa####othing.net/index.php
- http://wa###stream.net/index.php
- http://cr###divide.net/index.php
- http://th####tstream.net/index.php
- http://pa###stream.net/index.php
- http://ge####manmanner.net/index.php
- http://al####ymanner.net/index.php
- http://ex#####nceappear.net/index.php
- http://ex#####ncebusiness.net/index.php
- http://fr###appear.net/index.php
- http://ge#####ananother.net/index.php
- http://ge####manappear.net/index.php
- http://al####yappear.net/index.php
- http://al####ybusiness.net/index.php
- http://al####yanother.net/index.php
- http://ge#####anbusiness.net/index.php
- http://fr####usiness.net/index.php
- http://pa###bottle.net/index.php
- http://fi###bottle.net/index.php
- http://fi####othing.net/index.php
- http://fi###stream.net/index.php
- http://pa####othing.net/index.php
- http://pa###divide.net/index.php
- http://fr####nother.net/index.php
- http://ex#####nceanother.net/index.php
- http://ex#####ncemanner.net/index.php
- http://fi###divide.net/index.php
- http://fr###manner.net/index.php
DNS queries (same masked hostnames):
- DNS ASK su####manner.net
- DNS ASK cr###manner.net
- DNS ASK kn###appear.net
- DNS ASK kn####usiness.net
- DNS ASK be###appear.net
- DNS ASK su####another.net
- DNS ASK su####appear.net
- DNS ASK cr###appear.net
- DNS ASK cr####usiness.net
- DNS ASK cr####nother.net
- DNS ASK su####business.net
- DNS ASK be####usiness.net
- DNS ASK fo####business.net
- DNS ASK me####business.net
- DNS ASK me####another.net
- DNS ASK me####manner.net
- DNS ASK fo####another.net
- DNS ASK fo####appear.net
- DNS ASK be####nother.net
- DNS ASK kn####nother.net
- DNS ASK kn###manner.net
- DNS ASK me####appear.net
- DNS ASK be###manner.net
- DNS ASK th####tmanner.net
- DNS ASK pa###manner.net
- DNS ASK fi###manner.net
- DNS ASK sm###appear.net
- DNS ASK sm####usiness.net
- DNS ASK wo###appear.net
- DNS ASK pa####nother.net
- DNS ASK pa###appear.net
- DNS ASK fi###appear.net
- DNS ASK fi####usiness.net
- DNS ASK fi####nother.net
- DNS ASK pa####usiness.net
- DNS ASK wo####usiness.net
- DNS ASK th####tbusiness.net
- DNS ASK wa####usiness.net
- DNS ASK wa####nother.net
- DNS ASK wa###manner.net
- DNS ASK th####tanother.net
- DNS ASK th####tappear.net
- DNS ASK wo####nother.net
- DNS ASK sm####nother.net
- DNS ASK sm###manner.net
- DNS ASK wa###appear.net
- DNS ASK wo###manner.net
- DNS ASK fo####manner.net
- DNS ASK wo###stream.net
- DNS ASK sm###stream.net
- DNS ASK wa###divide.net
- DNS ASK wa###bottle.net
- DNS ASK th####tdivide.net
- DNS ASK wo####othing.net
- DNS ASK wo###divide.net
- DNS ASK sm###divide.net
- DNS ASK sm###bottle.net
- DNS ASK sm####othing.net
- DNS ASK wo###bottle.net
- DNS ASK th####tbottle.net
- DNS ASK su####bottle.net
- DNS ASK cr###bottle.net
- DNS ASK cr####othing.net
- DNS ASK cr###stream.net
- DNS ASK su####nothing.net
- DNS ASK su####divide.net
- DNS ASK th####tnothing.net
- DNS ASK wa####othing.net
- DNS ASK wa###stream.net
- DNS ASK cr###divide.net
- DNS ASK th####tstream.net
- DNS ASK pa###stream.net
- DNS ASK ge####manmanner.net
- DNS ASK al####ymanner.net
- DNS ASK ex#####nceappear.net
- DNS ASK ex#####ncebusiness.net
- DNS ASK fr###appear.net
- DNS ASK ge#####ananother.net
- DNS ASK ge####manappear.net
- DNS ASK al####yappear.net
- DNS ASK al####ybusiness.net
- DNS ASK al####yanother.net
- DNS ASK ge#####anbusiness.net
- DNS ASK fr####usiness.net
- DNS ASK pa###bottle.net
- DNS ASK fi###bottle.net
- DNS ASK fi####othing.net
- DNS ASK fi###stream.net
- DNS ASK pa####othing.net
- DNS ASK pa###divide.net
- DNS ASK fr####nother.net
- DNS ASK ex#####nceanother.net
- DNS ASK ex#####ncemanner.net
- DNS ASK fi###divide.net
- DNS ASK fr###manner.net
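Window referenced by class name ('Shell_TrayWnd' is the window class of the Windows taskbar; the action, presumably a window search, is not stated on this page):
- ClassName: 'Shell_TrayWnd' WindowName: ''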