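Technical Information
The section headings of the original report are missing from this listing. In order, the entries below are: an autorun value under the HKCU Run key, process command lines, file paths under <LS_APPDATA> and <SYSTEM32>, host names with port 80, URLs of the form host/forum/search.php?…, DNS queries, and window class names. The listing does not say whether each file path was created, modified or deleted. The '#' runs in host names and URLs appear to be masking applied by the publisher, so those values are partial and cannot be used as exact-match indicators. The folder and file names under <LS_APPDATA> look randomly generated and may differ between infections.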
- [<HKCU>\Software\Microsoft\Windows\CurrentVersion\Run] 'Power Multimedia Logs Engine Foundation' = '<LS_APPDATA>\usuajiwpe\fwkdzyeigqku.exe'
- '<LS_APPDATA>\usuajiwpe\snwchxbnse.exe' "<LS_APPDATA>\usuajiwpe\fwkdzyeigqku.exe"
- '<LS_APPDATA>\usuajiwpe\fwkdzyeigqku.exe'
- '<SYSTEM32>\wbem\wmiadap.exe' /R /T
- <LS_APPDATA>\usuajiwpe\fwkdzyeigqku.qoh
- <LS_APPDATA>\usuajiwpe\snwchxbnse.exe
- <LS_APPDATA>\usuajiwpe\fwkdzyeigqku.exe
- <LS_APPDATA>\usuajiwpe\snwchxbnse.exe
- <LS_APPDATA>\usuajiwpe\fwkdzyeigqku.exe
- <SYSTEM32>\wbem\Performance\WmiApRpl.ini
- 'hu####ddirect.net':80
- 'jo####ydirect.net':80
- 'jo####ybrought.net':80
- 'de####ymethod.net':80
- 'hu####dbrought.net':80
- 'hu####daction.net':80
- 're####erworth.net':80
- 'wo###worth.net':80
- 'jo####ymethod.net':80
- 'jo####yaction.net':80
- 'hu####dmethod.net':80
- 'ri####method.net':80
- 'li####brought.net':80
- 'be####method.net':80
- 'be####action.net':80
- 'ri####action.net':80
- 'de####ybrought.net':80
- 'de####yaction.net':80
- 'li####method.net':80
- 'li####action.net':80
- 'li####direct.net':80
- 'de####ydirect.net':80
- 'th####hworth.net':80
- 'ef###tworth.net':80
- 'fo###tround.net':80
- 'fo####glossary.net':80
- 'in####seround.net':80
- 'th####hlikely.net':80
- 'th####hround.net':80
- 'ef###tround.net':80
- 'ef####glossary.net':80
- 'ef####likely.net':80
- 'th####hglossary.net':80
- 'wo####lossary.net':80
- 're####erround.net':80
- 're#####rglossary.net':80
- 're####erlikely.net':80
- 'wo###likely.net':80
- 'wo###round.net':80
- 'fo####likely.net':80
- 'in#####eglossary.net':80
- 'in####selikely.net':80
- 'in####seworth.net':80
- 'fo###tworth.net':80
- hu####ddirect.net/forum/search.php?em####################################
- jo####ydirect.net/forum/search.php?em####################################
- jo####ybrought.net/forum/search.php?em####################################
- de####ymethod.net/forum/search.php?em####################################
- hu####dbrought.net/forum/search.php?em####################################
- hu####daction.net/forum/search.php?em####################################
- re####erworth.net/forum/search.php?em####################################
- wo###worth.net/forum/search.php?em####################################
- jo####ymethod.net/forum/search.php?em####################################
- jo####yaction.net/forum/search.php?em####################################
- hu####dmethod.net/forum/search.php?em####################################
- ri####method.net/forum/search.php?em####################################
- li####brought.net/forum/search.php?em####################################
- be####method.net/forum/search.php?em####################################
- be####action.net/forum/search.php?em####################################
- ri####action.net/forum/search.php?em####################################
- de####ybrought.net/forum/search.php?em####################################
- de####yaction.net/forum/search.php?em####################################
- li####method.net/forum/search.php?em####################################
- li####action.net/forum/search.php?em####################################
- li####direct.net/forum/search.php?em####################################
- de####ydirect.net/forum/search.php?em####################################
- th####hworth.net/forum/search.php?em####################################
- ef###tworth.net/forum/search.php?em####################################
- fo###tround.net/forum/search.php?em####################################
- fo####glossary.net/forum/search.php?em####################################
- in####seround.net/forum/search.php?em####################################
- th####hlikely.net/forum/search.php?em####################################
- th####hround.net/forum/search.php?em####################################
- ef###tround.net/forum/search.php?em####################################
- ef####glossary.net/forum/search.php?em####################################
- ef####likely.net/forum/search.php?em####################################
- th####hglossary.net/forum/search.php?em####################################
- wo####lossary.net/forum/search.php?em####################################
- re####erround.net/forum/search.php?em####################################
- re#####rglossary.net/forum/search.php?em####################################
- re####erlikely.net/forum/search.php?em####################################
- wo###likely.net/forum/search.php?em####################################
- wo###round.net/forum/search.php?em####################################
- fo####likely.net/forum/search.php?em####################################
- in#####eglossary.net/forum/search.php?em####################################
- in####selikely.net/forum/search.php?em####################################
- in####seworth.net/forum/search.php?em####################################
- fo###tworth.net/forum/search.php?em####################################
- DNS ASK hu####ddirect.net
- DNS ASK jo####ydirect.net
- DNS ASK jo####ybrought.net
- DNS ASK de####ymethod.net
- DNS ASK hu####dbrought.net
- DNS ASK hu####daction.net
- DNS ASK re####erworth.net
- DNS ASK wo###worth.net
- DNS ASK jo####ymethod.net
- DNS ASK jo####yaction.net
- DNS ASK hu####dmethod.net
- DNS ASK ri####method.net
- DNS ASK li####brought.net
- DNS ASK be####method.net
- DNS ASK be####action.net
- DNS ASK ri####action.net
- DNS ASK de####ybrought.net
- DNS ASK de####yaction.net
- DNS ASK li####method.net
- DNS ASK li####action.net
- DNS ASK li####direct.net
- DNS ASK de####ydirect.net
- DNS ASK th####hworth.net
- DNS ASK ef###tworth.net
- DNS ASK fo###tround.net
- DNS ASK fo####glossary.net
- DNS ASK in####seround.net
- DNS ASK th####hlikely.net
- DNS ASK th####hround.net
- DNS ASK ef###tround.net
- DNS ASK ef####glossary.net
- DNS ASK ef####likely.net
- DNS ASK th####hglossary.net
- DNS ASK wo####lossary.net
- DNS ASK re####erround.net
- DNS ASK re#####rglossary.net
- DNS ASK re####erlikely.net
- DNS ASK wo###likely.net
- DNS ASK wo###round.net
- DNS ASK fo####likely.net
- DNS ASK in#####eglossary.net
- DNS ASK in####selikely.net
- DNS ASK in####seworth.net
- DNS ASK fo###tworth.net
- ClassName: 'Shell_TrayWnd' WindowName: ''
- ClassName: 'Indicator' WindowName: ''