Technical Information
- [<HKCU>\Software\Microsoft\Windows\CurrentVersion\Run] 'Sharing WinHTTP Mapper Computer DNS' = '%APPDATA%\ulawdgvgamj\rcueugoksgz.exe'
- '%APPDATA%\ulawdgvgamj\kdxrfgjkd.exe' "%APPDATA%\ulawdgvgamj\rcueugoksgz.exe"
- '%APPDATA%\ulawdgvgamj\rcueugoksgz.exe'
- %APPDATA%\ulawdgvgamj\rcueugoksgz.nujy
- %APPDATA%\ulawdgvgamj\kdxrfgjkd.exe
- %APPDATA%\ulawdgvgamj\rcueugoksgz.exe
- %APPDATA%\ulawdgvgamj\kdxrfgjkd.exe
- %APPDATA%\ulawdgvgamj\rcueugoksgz.exe
- 'ef####letter.net':80
- 'th####hbeside.net':80
- 'th####hletter.net':80
- 'th#####different.net':80
- 'ef####different.net':80
- 'ef####beside.net':80
- 'wi####different.net':80
- 'su####letter.net':80
- 'su####different.net':80
- 'th####hsurprise.net':80
- 'ef####surprise.net':80
- 'in#####edifferent.net':80
- 'fo####different.net':80
- 'wo####urprise.net':80
- 'wo###beside.net':80
- 're#####rsurprise.net':80
- 'in####seletter.net':80
- 'in#####esurprise.net':80
- 'fo####surprise.net':80
- 'fo####beside.net':80
- 'fo####letter.net':80
- 'in####sebeside.net':80
- 'wi####letter.net':80
- 'be####letter.net':80
- 'ri####letter.net':80
- 'ri####different.net':80
- 'ch####urprise.net':80
- 'be####different.net':80
- 'be####beside.net':80
- 'li####different.net':80
- 'de#####different.net':80
- 'ri####surprise.net':80
- 'ri####beside.net':80
- 'be####surprise.net':80
- 'wi####surprise.net':80
- 'th####ifferent.net':80
- 'su####surprise.net':80
- 'su####beside.net':80
- 'wi####beside.net':80
- 'ch####ifferent.net':80
- 'ch###beside.net':80
- 'th####urprise.net':80
- 'th###beside.net':80
- 'th###letter.net':80
- 'ch###letter.net':80
- ef####letter.net/forum/search.php?em####################################
- th####hbeside.net/forum/search.php?em####################################
- th####hletter.net/forum/search.php?em####################################
- th#####different.net/forum/search.php?em####################################
- ef####different.net/forum/search.php?em####################################
- ef####beside.net/forum/search.php?em####################################
- wi####different.net/forum/search.php?em####################################
- su####letter.net/forum/search.php?em####################################
- su####different.net/forum/search.php?em####################################
- th####hsurprise.net/forum/search.php?em####################################
- ef####surprise.net/forum/search.php?em####################################
- in#####edifferent.net/forum/search.php?em####################################
- fo####different.net/forum/search.php?em####################################
- wo####urprise.net/forum/search.php?em####################################
- wo###beside.net/forum/search.php?em####################################
- re#####rsurprise.net/forum/search.php?em####################################
- in####seletter.net/forum/search.php?em####################################
- in#####esurprise.net/forum/search.php?em####################################
- fo####surprise.net/forum/search.php?em####################################
- fo####beside.net/forum/search.php?em####################################
- fo####letter.net/forum/search.php?em####################################
- in####sebeside.net/forum/search.php?em####################################
- wi####letter.net/forum/search.php?em####################################
- be####letter.net/forum/search.php?em####################################
- ri####letter.net/forum/search.php?em####################################
- ri####different.net/forum/search.php?em####################################
- ch####urprise.net/forum/search.php?em####################################
- be####different.net/forum/search.php?em####################################
- be####beside.net/forum/search.php?em####################################
- li####different.net/forum/search.php?em####################################
- de#####different.net/forum/search.php?em####################################
- ri####surprise.net/forum/search.php?em####################################
- ri####beside.net/forum/search.php?em####################################
- be####surprise.net/forum/search.php?em####################################
- wi####surprise.net/forum/search.php?em####################################
- th####ifferent.net/forum/search.php?em####################################
- su####surprise.net/forum/search.php?em####################################
- su####beside.net/forum/search.php?em####################################
- wi####beside.net/forum/search.php?em####################################
- ch####ifferent.net/forum/search.php?em####################################
- ch###beside.net/forum/search.php?em####################################
- th####urprise.net/forum/search.php?em####################################
- th###beside.net/forum/search.php?em####################################
- th###letter.net/forum/search.php?em####################################
- ch###letter.net/forum/search.php?em####################################
- DNS ASK ef####letter.net
- DNS ASK th####hbeside.net
- DNS ASK th####hletter.net
- DNS ASK th#####different.net
- DNS ASK ef####different.net
- DNS ASK ef####beside.net
- DNS ASK wi####different.net
- DNS ASK su####letter.net
- DNS ASK su####different.net
- DNS ASK th####hsurprise.net
- DNS ASK ef####surprise.net
- DNS ASK fo####surprise.net
- DNS ASK wo####urprise.net
- DNS ASK in#####edifferent.net
- DNS ASK re#####rsurprise.net
- DNS ASK re####erbeside.net
- DNS ASK wo###beside.net
- DNS ASK fo####different.net
- DNS ASK fo####beside.net
- DNS ASK in#####esurprise.net
- DNS ASK in####sebeside.net
- DNS ASK in####seletter.net
- DNS ASK fo####letter.net
- DNS ASK be####letter.net
- DNS ASK ri####letter.net
- DNS ASK ri####different.net
- DNS ASK ch####urprise.net
- DNS ASK be####different.net
- DNS ASK be####beside.net
- DNS ASK li####different.net
- DNS ASK de#####different.net
- DNS ASK ri####surprise.net
- DNS ASK ri####beside.net
- DNS ASK be####surprise.net
- DNS ASK th####urprise.net
- DNS ASK su####surprise.net
- DNS ASK wi####surprise.net
- DNS ASK wi####beside.net
- DNS ASK wi####letter.net
- DNS ASK su####beside.net
- DNS ASK th####ifferent.net
- DNS ASK th###beside.net
- DNS ASK ch###beside.net
- DNS ASK ch###letter.net
- DNS ASK ch####ifferent.net
- DNS ASK th###letter.net
- ClassName: 'Shell_TrayWnd' WindowName: ''
- ClassName: 'Indicator' WindowName: ''