Technical Information
- Registry autorun value (the Run key launches the listed executable each time this user logs on): [<HKCU>\Software\Microsoft\Windows\CurrentVersion\Run] 'Initiator Session Group Scheduler' = '%APPDATA%\cwidfpmjittu\gjlellktjqe.exe'
- '%APPDATA%\cwidfpmjittu\baxxiwyun.exe' "%APPDATA%\cwidfpmjittu\gjlellktjqe.exe"
- '%APPDATA%\cwidfpmjittu\gjlellktjqe.exe'
- %APPDATA%\cwidfpmjittu\gjlellktjqe.ap
- %APPDATA%\cwidfpmjittu\baxxiwyun.exe
- %APPDATA%\cwidfpmjittu\gjlellktjqe.exe
- %APPDATA%\cwidfpmjittu\baxxiwyun.exe
- %APPDATA%\cwidfpmjittu\gjlellktjqe.exe
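- Hosts listed with TCP port 80 (domain names are partially masked with '#' on this page, so they cannot be matched literally):
- 'we####rfuture.net':80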
- 'am####future.net':80
- 'th###smell.net':80
- 'th###early.net':80
- 'cl###smell.net':80
- 'we####rsafety.net':80
- 'we####rsmell.net':80
- 'am###tsmell.net':80
- 'am###tearly.net':80
- 'am####safety.net':80
- 'we####rearly.net':80
- 'th###health.net':80
- 'pr####tseparate.net':80
- 'pr####thealth.net':80
- 'pr####tclothes.net':80
- 'th####lothes.net':80
- 'th####eparate.net':80
- 'th###safety.net':80
- 'cl###early.net':80
- 'cl###safety.net':80
- 'cl###future.net':80
- 'th###future.net':80
- 'hi####yfuture.net':80
- 'ra###rsmell.net':80
- 'tw####future.net':80
- 'mo####gsmell.net':80
- 'mo####gearly.net':80
- 'ra###rearly.net':80
- 'mi####future.net':80
- 'mi###eearly.net':80
- 'tw###esmell.net':80
- 'tw###eearly.net':80
- 'tw####safety.net':80
- 'mi####safety.net':80
- 'hi####yearly.net':80
- 'st####eearly.net':80
- 'st####esafety.net':80
- 'st####efuture.net':80
- 'hi####ysafety.net':80
- 'hi####ysmell.net':80
- 'mo####gsafety.net':80
- 'ra####safety.net':80
- 'ra####future.net':80
- 'st####esmell.net':80
- 'mo####gfuture.net':80
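- URLs (the same /forum/search.php path on every domain; the query-string value is masked with '#'):
- we####rfuture.net/forum/search.php?em################################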
- am####future.net/forum/search.php?em################################
- th###smell.net/forum/search.php?em################################
- th###early.net/forum/search.php?em################################
- cl###smell.net/forum/search.php?em################################
- we####rsafety.net/forum/search.php?em################################
- we####rsmell.net/forum/search.php?em################################
- am###tsmell.net/forum/search.php?em################################
- am###tearly.net/forum/search.php?em################################
- am####safety.net/forum/search.php?em################################
- we####rearly.net/forum/search.php?em################################
- th###health.net/forum/search.php?em################################
- pr####tseparate.net/forum/search.php?em################################
- pr####thealth.net/forum/search.php?em################################
- pr####tclothes.net/forum/search.php?em################################
- th####lothes.net/forum/search.php?em################################
- th####eparate.net/forum/search.php?em################################
- th###safety.net/forum/search.php?em################################
- cl###early.net/forum/search.php?em################################
- cl###safety.net/forum/search.php?em################################
- cl###future.net/forum/search.php?em################################
- th###future.net/forum/search.php?em################################
- hi####yfuture.net/forum/search.php?em################################
- ra###rsmell.net/forum/search.php?em################################
- tw####future.net/forum/search.php?em################################
- mo####gsmell.net/forum/search.php?em################################
- mo####gearly.net/forum/search.php?em################################
- ra###rearly.net/forum/search.php?em################################
- mi####future.net/forum/search.php?em################################
- mi###eearly.net/forum/search.php?em################################
- tw###esmell.net/forum/search.php?em################################
- tw###eearly.net/forum/search.php?em################################
- tw####safety.net/forum/search.php?em################################
- mi####safety.net/forum/search.php?em################################
- hi####yearly.net/forum/search.php?em################################
- st####eearly.net/forum/search.php?em################################
- st####esafety.net/forum/search.php?em################################
- st####efuture.net/forum/search.php?em################################
- hi####ysafety.net/forum/search.php?em################################
- hi####ysmell.net/forum/search.php?em################################
- mo####gsafety.net/forum/search.php?em################################
- ra####safety.net/forum/search.php?em################################
- ra####future.net/forum/search.php?em################################
- st####esmell.net/forum/search.php?em################################
- mo####gfuture.net/forum/search.php?em################################
- DNS queries ("DNS ASK" marks a name lookup for the domain that follows):
- DNS ASK we####rfuture.net
- DNS ASK am####future.net
- DNS ASK th###smell.net
- DNS ASK th###early.net
- DNS ASK cl###smell.net
- DNS ASK we####rsafety.net
- DNS ASK we####rsmell.net
- DNS ASK am###tsmell.net
- DNS ASK am###tearly.net
- DNS ASK am####safety.net
- DNS ASK we####rearly.net
- DNS ASK cl###early.net
- DNS ASK pr####thealth.net
- DNS ASK th###health.net
- DNS ASK th####lothes.net
- DNS ASK th####istant.net
- DNS ASK pr####tclothes.net
- DNS ASK pr####tseparate.net
- DNS ASK cl###safety.net
- DNS ASK th###safety.net
- DNS ASK th###future.net
- DNS ASK th####eparate.net
- DNS ASK cl###future.net
- DNS ASK ra###rsmell.net
- DNS ASK tw####future.net
- DNS ASK mo####gsmell.net
- DNS ASK mo####gearly.net
- DNS ASK ra###rearly.net
- DNS ASK mi####future.net
- DNS ASK mi###eearly.net
- DNS ASK tw###esmell.net
- DNS ASK tw###eearly.net
- DNS ASK tw####safety.net
- DNS ASK mi####safety.net
- DNS ASK ra####safety.net
- DNS ASK st####esafety.net
- DNS ASK hi####yearly.net
- DNS ASK hi####ysafety.net
- DNS ASK hi####yfuture.net
- DNS ASK st####efuture.net
- DNS ASK st####eearly.net
- DNS ASK ra####future.net
- DNS ASK mo####gsafety.net
- DNS ASK mo####gfuture.net
- DNS ASK hi####ysmell.net
- DNS ASK st####esmell.net
- ClassName: 'Shell_TrayWnd' WindowName: ''
- ClassName: 'Indicator' WindowName: ''