Technical Information
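Registry changes (the first value is an autorun entry under the Run key; on the service key, 'Start' = 2 is the auto-start setting):
- [<HKLM>\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] 'Distributed Config Network' = 'C:\ughdnzvai\ysqjnca.exe'
- [<HKLM>\SYSTEM\ControlSet001\Services\Player Auto-Discovery Endpoint Health] 'Start' = '00000002'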
Quoted entries, which appear to be process launches with their command lines:
- 'C:\ughdnzvai\yelfohx.exe' "c:\ughdnzvai\ysqjnca.exe"
- 'C:\ughdnzvai\ysqjnca.exe'
- 'C:\ughdnzvai\daa2qlhqqjeq0nncx.exe'
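File system paths (this extract does not say which were created, modified or deleted; several paths repeat):
- C:\ughdnzvai\ysqjnca.exe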
- C:\ughdnzvai\yelfohx.exe
- C:\ughdnzvai\wbfoo4tfe
- %WINDIR%\ughdnzvai\w4w1oshslv
- C:\ughdnzvai\w4w1oshslv
- C:\ughdnzvai\daa2qlhqqjeq0nncx.exe
- C:\ughdnzvai\yelfohx.exe
- C:\ughdnzvai\ysqjnca.exe
- C:\ughdnzvai\daa2qlhqqjeq0nncx.exe
- %WINDIR%\ughdnzvai\w4w1oshslv
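Network endpoints on port 80 (the domain names are partially masked with '#' in this report, so they cannot be used as-is for blocking or log matching; the many similarly constructed names suggest algorithmically generated domains):
- 'su####measure.net':80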
- 'cr####easure.net':80
- 'be###circle.net':80
- 'kn###circle.net':80
- 'su####afraid.net':80
- 'cr###afraid.net':80
- 'su####dinner.net':80
- 'cr###dinner.net':80
- 'be####easure.net':80
- 'kn####easure.net':80
- 'fo####circle.net':80
- 'me####circle.net':80
- 'be###afraid.net':80
- 'kn###afraid.net':80
- 'be###dinner.net':80
- 'kn###dinner.net':80
- 'wo####easure.net':80
- 'sm####easure.net':80
- 'th####tcircle.net':80
- 'wa###circle.net':80
- 'wo###afraid.net':80
- 'sm###afraid.net':80
- 'wo###dinner.net':80
- 'sm###dinner.net':80
- 'th####tmeasure.net':80
- 'wa####easure.net':80
- 'su####circle.net':80
- 'cr###circle.net':80
- 'th####tafraid.net':80
- 'wa###afraid.net':80
- 'th####tdinner.net':80
- 'wa###dinner.net':80
- 'fr####easure.net':80
- 'ex#####ncemeasure.net':80
- 'pa###carry.net':80
- 'fi###carry.net':80
- 'fr###afraid.net':80
- 'ex#####nceafraid.net':80
- 'fr###dinner.net':80
- 'ex#####ncedinner.net':80
- 'pa###father.net':80
- 'fi###father.net':80
- 'wo###carry.net':80
- 'sm###carry.net':80
- 'pa###built.net':80
- 'fi###built.net':80
- 'pa###apple.net':80
- 'fi###apple.net':80
- 'fo####measure.net':80
- 'me####measure.net':80
- 'ge####mancircle.net':80
- 'al####ycircle.net':80
- 'fo####afraid.net':80
- 'me####afraid.net':80
- 'fo####dinner.net':80
- 'me####dinner.net':80
- 'ge#####anmeasure.net':80
- 'al####ymeasure.net':80
- 'fr###circle.net':80
- 'ex#####ncecircle.net':80
- 'ge####manafraid.net':80
- 'al####yafraid.net':80
- 'ge####mandinner.net':80
- 'al####ydinner.net':80
HTTP request URLs (every request targets /index.php with a masked query string):
- http://su####measure.net/index.php?me########
- http://cr####easure.net/index.php?me########
- http://be###circle.net/index.php?me########
- http://kn###circle.net/index.php?me########
- http://su####afraid.net/index.php?me########
- http://cr###afraid.net/index.php?me########
- http://su####dinner.net/index.php?me########
- http://cr###dinner.net/index.php?me########
- http://be####easure.net/index.php?me########
- http://kn####easure.net/index.php?me########
- http://fo####circle.net/index.php?me########
- http://me####circle.net/index.php?me########
- http://be###afraid.net/index.php?me########
- http://kn###afraid.net/index.php?me########
- http://be###dinner.net/index.php?me########
- http://kn###dinner.net/index.php?me########
- http://wo####easure.net/index.php?me########
- http://sm####easure.net/index.php?me########
- http://th####tcircle.net/index.php?me########
- http://wa###circle.net/index.php?me########
- http://wo###afraid.net/index.php?me########
- http://sm###afraid.net/index.php?me########
- http://wo###dinner.net/index.php?me########
- http://sm###dinner.net/index.php?me########
- http://th####tmeasure.net/index.php?me########
- http://wa####easure.net/index.php?me########
- http://su####circle.net/index.php?me########
- http://cr###circle.net/index.php?me########
- http://th####tafraid.net/index.php?me########
- http://wa###afraid.net/index.php?me########
- http://th####tdinner.net/index.php?me########
- http://wa###dinner.net/index.php?me########
- http://fr####easure.net/index.php?me########
- http://ex#####ncemeasure.net/index.php?me########
- http://pa###carry.net/index.php?me########
- http://fi###carry.net/index.php?me########
- http://fr###afraid.net/index.php?me########
- http://ex#####nceafraid.net/index.php?me########
- http://fr###dinner.net/index.php?me########
- http://ex#####ncedinner.net/index.php?me########
- http://pa###father.net/index.php?me########
- http://fi###father.net/index.php?me########
- http://wo###carry.net/index.php?me########
- http://sm###carry.net/index.php?me########
- http://pa###built.net/index.php?me########
- http://fi###built.net/index.php?me########
- http://pa###apple.net/index.php?me########
- http://fi###apple.net/index.php?me########
- http://fo####measure.net/index.php?me########
- http://me####measure.net/index.php?me########
- http://ge####mancircle.net/index.php?me########
- http://al####ycircle.net/index.php?me########
- http://fo####afraid.net/index.php?me########
- http://me####afraid.net/index.php?me########
- http://fo####dinner.net/index.php?me########
- http://me####dinner.net/index.php?me########
- http://ge#####anmeasure.net/index.php?me########
- http://al####ymeasure.net/index.php?me########
- http://fr###circle.net/index.php?me########
- http://ex#####ncecircle.net/index.php?me########
- http://ge####manafraid.net/index.php?me########
- http://al####yafraid.net/index.php?me########
- http://ge####mandinner.net/index.php?me########
- http://al####ydinner.net/index.php?me########
DNS queries for the same set of domains:
- DNS ASK cr####easure.net
- DNS ASK su####dinner.net
- DNS ASK kn###circle.net
- DNS ASK su####measure.net
- DNS ASK cr###afraid.net
- DNS ASK su####circle.net
- DNS ASK cr###dinner.net
- DNS ASK su####afraid.net
- DNS ASK kn####easure.net
- DNS ASK be###dinner.net
- DNS ASK me####circle.net
- DNS ASK be####easure.net
- DNS ASK kn###afraid.net
- DNS ASK be###circle.net
- DNS ASK kn###dinner.net
- DNS ASK be###afraid.net
- DNS ASK sm####easure.net
- DNS ASK wo###dinner.net
- DNS ASK wa###circle.net
- DNS ASK wo####easure.net
- DNS ASK sm###afraid.net
- DNS ASK wo###circle.net
- DNS ASK sm###dinner.net
- DNS ASK wo###afraid.net
- DNS ASK wa####easure.net
- DNS ASK th####tdinner.net
- DNS ASK cr###circle.net
- DNS ASK th####tmeasure.net
- DNS ASK wa###afraid.net
- DNS ASK th####tcircle.net
- DNS ASK wa###dinner.net
- DNS ASK th####tafraid.net
- DNS ASK fo####circle.net
- DNS ASK fr####easure.net
- DNS ASK ex#####ncemeasure.net
- DNS ASK pa###carry.net
- DNS ASK fi###carry.net
- DNS ASK fr###afraid.net
- DNS ASK ex#####nceafraid.net
- DNS ASK fr###dinner.net
- DNS ASK ex#####ncedinner.net
- DNS ASK pa###father.net
- DNS ASK fi###father.net
- DNS ASK wo###carry.net
- DNS ASK sm###carry.net
- DNS ASK pa###built.net
- DNS ASK fi###built.net
- DNS ASK pa###apple.net
- DNS ASK fi###apple.net
- DNS ASK fo####measure.net
- DNS ASK me####measure.net
- DNS ASK ge####mancircle.net
- DNS ASK al####ycircle.net
- DNS ASK fo####afraid.net
- DNS ASK me####afraid.net
- DNS ASK fo####dinner.net
- DNS ASK me####dinner.net
- DNS ASK ge#####anmeasure.net
- DNS ASK al####ymeasure.net
- DNS ASK fr###circle.net
- DNS ASK ex#####ncecircle.net
- DNS ASK ge####manafraid.net
- DNS ASK al####yafraid.net
- DNS ASK ge####mandinner.net
- DNS ASK al####ydinner.net
Window reference (Shell_TrayWnd is the window class of the Windows taskbar):
- ClassName: 'Shell_TrayWnd' WindowName: ''