Technical Information
Registry values that start the same executable automatically (a Run entry, launched at user logon, and a service whose 'Start' value 2 means automatic start at boot):
- [<HKLM>\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] 'Resource Socket Copy Function Counter Interface' = 'C:\ugmffnfl\lajwjxoqsj.exe'
- [<HKLM>\SYSTEM\ControlSet001\Services\Transaction Human Installer Cryptographic Print] 'ImagePath' = 'C:\ugmffnfl\lajwjxoqsj.exe'
- [<HKLM>\SYSTEM\ControlSet001\Services\Transaction Human Installer Cryptographic Print] 'Start' = '00000002'
- 'C:\ugmffnfl\yrodtbgbp.exe' "c:\ugmffnfl\lajwjxoqsj.exe"
- 'C:\ugmffnfl\lajwjxoqsj.exe'
- 'C:\ugmffnfl\tj2jbbd8dobewnntf.exe'
- C:\ugmffnfl\lajwjxoqsj.exe
- C:\ugmffnfl\yrodtbgbp.exe
- C:\ugmffnfl\jwu9xm
- %WINDIR%\ugmffnfl\qh1lwm6p
- C:\ugmffnfl\qh1lwm6p
- C:\ugmffnfl\tj2jbbd8dobewnntf.exe
- C:\ugmffnfl\yrodtbgbp.exe
- C:\ugmffnfl\lajwjxoqsj.exe
- C:\ugmffnfl\tj2jbbd8dobewnntf.exe
- %WINDIR%\ugmffnfl\qh1lwm6p
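Network endpoints on TCP port 80. '#' is not a valid hostname character, so each name below is partially masked and cannot be matched literally; treat the entries as patterns (visible prefix and suffix) rather than as blocklist values. The names reuse a small set of endings (stranger, advance, goodbye, fortieth, special, minute, corner), which looks like algorithmically generated domains; that is an inference from the list, not something the page states.
- 'mo####gstranger.net':80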
- 'ra####stranger.net':80
- 'mo####gadvance.net':80
- 'ra####goodbye.net':80
- 'mo####gfortieth.net':80
- 'ra####fortieth.net':80
- 'mo####ggoodbye.net':80
- 'ra####advance.net':80
- 'tw####stranger.net':80
- 'mi####stranger.net':80
- 'tw####advance.net':80
- 'mi####goodbye.net':80
- 'tw####fortieth.net':80
- 'mi####fortieth.net':80
- 'tw####goodbye.net':80
- 'am####stranger.net':80
- 'we####radvance.net':80
- 'am####advance.net':80
- 'we####rstranger.net':80
- 'am####fortieth.net':80
- 'we####rgoodbye.net':80
- 'am####goodbye.net':80
- 'hi####yfortieth.net':80
- 'st####estranger.net':80
- 'hi####yadvance.net':80
- 'st####eadvance.net':80
- 'hi####ystranger.net':80
- 'st####efortieth.net':80
- 'hi####ygoodbye.net':80
- 'st####egoodbye.net':80
- 'mi####advance.net':80
- 'th####oodbye.net':80
- 'pr####tstranger.net':80
- 'th####tranger.net':80
- 'pr####tgoodbye.net':80
- 'ch####dvance.net':80
- 'pr####tfortieth.net':80
- 'th####ortieth.net':80
- 'pr####tadvance.net':80
- 'th####pecial.net':80
- 'cl###minute.net':80
- 'th###minute.net':80
- 'cl####pecial.net':80
- 'th####dvance.net':80
- 'cl###corner.net':80
- 'th###corner.net':80
- 'al####tranger.net':80
- 'of####tranger.net':80
- 'al####dvance.net':80
- 'of####oodbye.net':80
- 'al####ortieth.net':80
- 'of####ortieth.net':80
- 'al####oodbye.net':80
- 'of####dvance.net':80
- 'co####estranger.net':80
- 'ch####tranger.net':80
- 'co####eadvance.net':80
- 'ch####oodbye.net':80
- 'co####efortieth.net':80
- 'ch####ortieth.net':80
- 'co####egoodbye.net':80
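HTTP requests to the hosts listed above, all for /index.php; the query string after 'me' is masked in the same way as the host names:
- http://mo####gstranger.net/index.php?me########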
- http://ra####stranger.net/index.php?me########
- http://mo####gadvance.net/index.php?me########
- http://ra####goodbye.net/index.php?me########
- http://mo####gfortieth.net/index.php?me########
- http://ra####fortieth.net/index.php?me########
- http://mo####ggoodbye.net/index.php?me########
- http://ra####advance.net/index.php?me########
- http://tw####stranger.net/index.php?me########
- http://mi####stranger.net/index.php?me########
- http://tw####advance.net/index.php?me########
- http://mi####goodbye.net/index.php?me########
- http://tw####fortieth.net/index.php?me########
- http://mi####fortieth.net/index.php?me########
- http://tw####goodbye.net/index.php?me########
- http://am####stranger.net/index.php?me########
- http://we####radvance.net/index.php?me########
- http://am####advance.net/index.php?me########
- http://we####rstranger.net/index.php?me########
- http://am####fortieth.net/index.php?me########
- http://we####rgoodbye.net/index.php?me########
- http://am####goodbye.net/index.php?me########
- http://hi####yfortieth.net/index.php?me########
- http://st####estranger.net/index.php?me########
- http://hi####yadvance.net/index.php?me########
- http://st####eadvance.net/index.php?me########
- http://hi####ystranger.net/index.php?me########
- http://st####efortieth.net/index.php?me########
- http://hi####ygoodbye.net/index.php?me########
- http://st####egoodbye.net/index.php?me########
- http://mi####advance.net/index.php?me########
- http://th####oodbye.net/index.php?me########
- http://pr####tstranger.net/index.php?me########
- http://th####tranger.net/index.php?me########
- http://pr####tgoodbye.net/index.php?me########
- http://ch####dvance.net/index.php?me########
- http://pr####tfortieth.net/index.php?me########
- http://th####ortieth.net/index.php?me########
- http://pr####tadvance.net/index.php?me########
- http://th####pecial.net/index.php?me########
- http://cl###minute.net/index.php?me########
- http://th###minute.net/index.php?me########
- http://cl####pecial.net/index.php?me########
- http://th####dvance.net/index.php?me########
- http://cl###corner.net/index.php?me########
- http://th###corner.net/index.php?me########
- http://al####tranger.net/index.php?me########
- http://of####tranger.net/index.php?me########
- http://al####dvance.net/index.php?me########
- http://of####oodbye.net/index.php?me########
- http://al####ortieth.net/index.php?me########
- http://of####ortieth.net/index.php?me########
- http://al####oodbye.net/index.php?me########
- http://of####dvance.net/index.php?me########
- http://co####estranger.net/index.php?me########
- http://ch####tranger.net/index.php?me########
- http://co####eadvance.net/index.php?me########
- http://ch####oodbye.net/index.php?me########
- http://co####efortieth.net/index.php?me########
- http://ch####ortieth.net/index.php?me########
- http://co####egoodbye.net/index.php?me########
- DNS ASK mo####gstranger.net
- DNS ASK ra####stranger.net
- DNS ASK mo####gadvance.net
- DNS ASK ra####goodbye.net
- DNS ASK mo####gfortieth.net
- DNS ASK ra####fortieth.net
- DNS ASK mo####ggoodbye.net
- DNS ASK ra####advance.net
- DNS ASK tw####stranger.net
- DNS ASK mi####stranger.net
- DNS ASK tw####advance.net
- DNS ASK mi####goodbye.net
- DNS ASK tw####fortieth.net
- DNS ASK mi####fortieth.net
- DNS ASK tw####goodbye.net
- DNS ASK st####eadvance.net
- DNS ASK we####rstranger.net
- DNS ASK am####stranger.net
- DNS ASK we####radvance.net
- DNS ASK am####goodbye.net
- DNS ASK we####rfortieth.net
- DNS ASK am####fortieth.net
- DNS ASK we####rgoodbye.net
- DNS ASK am####advance.net
- DNS ASK hi####ystranger.net
- DNS ASK st####estranger.net
- DNS ASK hi####yadvance.net
- DNS ASK st####egoodbye.net
- DNS ASK hi####yfortieth.net
- DNS ASK st####efortieth.net
- DNS ASK hi####ygoodbye.net
- DNS ASK th####oodbye.net
- DNS ASK pr####tstranger.net
- DNS ASK th####tranger.net
- DNS ASK pr####tgoodbye.net
- DNS ASK ch####dvance.net
- DNS ASK pr####tfortieth.net
- DNS ASK th####ortieth.net
- DNS ASK pr####tadvance.net
- DNS ASK th####pecial.net
- DNS ASK cl###minute.net
- DNS ASK th###minute.net
- DNS ASK cl####pecial.net
- DNS ASK th####dvance.net
- DNS ASK cl###corner.net
- DNS ASK th###corner.net
- DNS ASK co####eadvance.net
- DNS ASK of####oodbye.net
- DNS ASK al####tranger.net
- DNS ASK of####tranger.net
- DNS ASK al####oodbye.net
- DNS ASK mi####advance.net
- DNS ASK al####ortieth.net
- DNS ASK of####ortieth.net
- DNS ASK al####dvance.net
- DNS ASK ch####oodbye.net
- DNS ASK co####estranger.net
- DNS ASK ch####tranger.net
- DNS ASK co####egoodbye.net
- DNS ASK of####dvance.net
- DNS ASK co####efortieth.net
- DNS ASK ch####ortieth.net
- ClassName: 'Shell_TrayWnd' WindowName: '' (Shell_TrayWnd is the window class of the Windows taskbar; the window name is empty)