Technical Information
- Registry autorun entry (a value under the HKLM Run key, started at each user logon): [<HKLM>\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] 'Solutions Encrypting Log Discovery Support Files' = 'C:\fcyebvublnfhikc\wufuzqs.exe'
- Service configuration: [<HKLM>\SYSTEM\ControlSet001\Services\Transaction HomeGroup Layer Compatibility] 'Start' = '00000002' (a Start value of 2 means the service is started automatically at boot)
- 'C:\fcyebvublnfhikc\ofccvnksjgo.exe' "c:\fcyebvublnfhikc\wufuzqs.exe"
- 'C:\fcyebvublnfhikc\wufuzqs.exe'
- 'C:\fcyebvublnfhikc\xdoc3cb5bixvlxibcc8h.exe'
- C:\fcyebvublnfhikc\wufuzqs.exe
- C:\fcyebvublnfhikc\ofccvnksjgo.exe
- C:\fcyebvublnfhikc\pj9meslu
- %WINDIR%\fcyebvublnfhikc\isjehgp5c
- C:\fcyebvublnfhikc\isjehgp5c
- C:\fcyebvublnfhikc\xdoc3cb5bixvlxibcc8h.exe
- C:\fcyebvublnfhikc\ofccvnksjgo.exe
- C:\fcyebvublnfhikc\wufuzqs.exe
- C:\fcyebvublnfhikc\xdoc3cb5bixvlxibcc8h.exe
- %WINDIR%\fcyebvublnfhikc\isjehgp5c
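Network endpoints, given as 'host':port (the '#' characters mask part of each hostname as published, so these entries are not complete indicators):
- 'ca####nhealth.net':80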
- 'la###health.net':80
- 'ca####nclothes.net':80
- 'la####lothes.net':80
- 'de####distant.net':80
- 'ni####istant.net':80
- 'ca####nseparate.net':80
- 'la####eparate.net':80
- 'la####istant.net':80
- 're####clothes.net':80
- 'el####ichealth.net':80
- 're####distant.net':80
- 'el####icclothes.net':80
- 're####separate.net':80
- 'ca####ndistant.net':80
- 're####health.net':80
- 'el#####cseparate.net':80
- 'ag####thealth.net':80
- 'do####eparate.net':80
- 'ag####tclothes.net':80
- 'do###health.net':80
- 'qu###future.net':80
- 'se####safety.net':80
- 'ag####tseparate.net':80
- 'se####future.net':80
- 'do####lothes.net':80
- 'de####health.net':80
- 'ni###health.net':80
- 'de####clothes.net':80
- 'ni####lothes.net':80
- 'do####istant.net':80
- 'ag####tdistant.net':80
- 'de####separate.net':80
- 'ni####eparate.net':80
HTTP URLs (hostnames and query strings are partly masked with '#'):
- http://ca####nhealth.net/index.php?me########
- http://la###health.net/index.php?me########
- http://ca####nclothes.net/index.php?me########
- http://la####lothes.net/index.php?me########
- http://de####distant.net/index.php?me########
- http://ni####istant.net/index.php?me########
- http://ca####nseparate.net/index.php?me########
- http://la####eparate.net/index.php?me########
- http://la####istant.net/index.php?me########
- http://re####clothes.net/index.php?me########
- http://el####ichealth.net/index.php?me########
- http://re####distant.net/index.php?me########
- http://el####icclothes.net/index.php?me########
- http://re####separate.net/index.php?me########
- http://ca####ndistant.net/index.php?me########
- http://re####health.net/index.php?me########
- http://el#####cseparate.net/index.php?me########
- http://ag####thealth.net/index.php?me########
- http://do####eparate.net/index.php?me########
- http://ag####tclothes.net/index.php?me########
- http://do###health.net/index.php?me########
- http://qu###future.net/index.php?me########
- http://se####safety.net/index.php?me########
- http://ag####tseparate.net/index.php?me########
- http://se####future.net/index.php?me########
- http://do####lothes.net/index.php?me########
- http://de####health.net/index.php?me########
- http://ni###health.net/index.php?me########
- http://de####clothes.net/index.php?me########
- http://ni####lothes.net/index.php?me########
- http://do####istant.net/index.php?me########
- http://ag####tdistant.net/index.php?me########
- http://de####separate.net/index.php?me########
- http://ni####eparate.net/index.php?me########
DNS queries (same masked hostnames as above):
- DNS ASK ca####nhealth.net
- DNS ASK la###health.net
- DNS ASK ca####nclothes.net
- DNS ASK la####lothes.net
- DNS ASK de####distant.net
- DNS ASK ni####istant.net
- DNS ASK ca####nseparate.net
- DNS ASK la####eparate.net
- DNS ASK la####istant.net
- DNS ASK re####clothes.net
- DNS ASK el####ichealth.net
- DNS ASK re####distant.net
- DNS ASK el####icclothes.net
- DNS ASK re####separate.net
- DNS ASK ca####ndistant.net
- DNS ASK re####health.net
- DNS ASK el#####cseparate.net
- DNS ASK ag####thealth.net
- DNS ASK do####eparate.net
- DNS ASK ag####tclothes.net
- DNS ASK do###health.net
- DNS ASK qu###future.net
- DNS ASK se####safety.net
- DNS ASK ag####tseparate.net
- DNS ASK se####future.net
- DNS ASK do####lothes.net
- DNS ASK de####health.net
- DNS ASK ni###health.net
- DNS ASK de####clothes.net
- DNS ASK ni####lothes.net
- DNS ASK do####istant.net
- DNS ASK ag####tdistant.net
- DNS ASK de####separate.net
- DNS ASK ni####eparate.net
- Window reference: ClassName: 'Shell_TrayWnd' WindowName: '' ('Shell_TrayWnd' is the window class of the Windows taskbar)