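Technical Information
Note: the entries below are listed without their original section headings. In order, they appear to be registry changes, launched processes, file-system paths, network endpoints on port 80, HTTP request URLs, DNS queries and a window reference. Domain names are partially masked with '#', so they can be used as matching patterns but not as exact blocklist entries.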
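- [<HKLM>\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] 'Workstation Backup Authentication Registry' = 'C:\wvrjfrdpmk\gwzwypzbkvy.exe' (autorun entry: programs listed under the Run key are launched at user logon)
- [<HKLM>\SYSTEM\ControlSet001\Services\Print Credential Layer iSCSI Player Reporting] 'Start' = '00000002' (a service 'Start' value of 2 means the service starts automatically at boot)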
- 'C:\wvrjfrdpmk\kvtanqaqs.exe' "c:\wvrjfrdpmk\gwzwypzbkvy.exe"
- 'C:\wvrjfrdpmk\gwzwypzbkvy.exe'
- 'C:\wvrjfrdpmk\myk2ncqjzaeiwfdy.exe'
- C:\wvrjfrdpmk\gwzwypzbkvy.exe
- C:\wvrjfrdpmk\kvtanqaqs.exe
- C:\wvrjfrdpmk\m00djl9msvow
- %WINDIR%\wvrjfrdpmk\w5tcqcf
- C:\wvrjfrdpmk\w5tcqcf
- C:\wvrjfrdpmk\myk2ncqjzaeiwfdy.exe
- C:\wvrjfrdpmk\kvtanqaqs.exe
- C:\wvrjfrdpmk\gwzwypzbkvy.exe
- C:\wvrjfrdpmk\myk2ncqjzaeiwfdy.exe
- %WINDIR%\wvrjfrdpmk\w5tcqcf
- 'tw####safety.net':80
- 'mi####future.net':80
- 'tw###eearly.net':80
- 'mi####safety.net':80
- 'tw####future.net':80
- 'ra###rearly.net':80
- 'mo####gearly.net':80
- 'ra###rsmell.net':80
- 'mo####gsmell.net':80
- 'of###safety.net':80
- 'al###safety.net':80
- 'of###early.net':80
- 'al###early.net':80
- 'of###future.net':80
- 'tw###esmell.net':80
- 'mi###eearly.net':80
- 'al###future.net':80
- 'mi###esmell.net':80
- 'ra####safety.net':80
- 'am###tsmell.net':80
- 'we####rsmell.net':80
- 'st####efuture.net':80
- 'hi####yfuture.net':80
- 'am###tearly.net':80
- 'we####rsafety.net':80
- 'am####future.net':80
- 'we####rearly.net':80
- 'am####safety.net':80
- 'mo####gfuture.net':80
- 'st####esmell.net':80
- 'mo####gsafety.net':80
- 'ra####future.net':80
- 'hi####ysmell.net':80
- 'st####esafety.net':80
- 'hi####ysafety.net':80
- 'st####eearly.net':80
- 'hi####yearly.net':80
- 'th####aughter.net':80
- 'cl####aughter.net':80
- 'am####friend.net':80
- 'we####rfriend.net':80
- 'th###fancy.net':80
- 'cl####onsider.net':80
- 'th###friend.net':80
- 'cl###fancy.net':80
- 'th####onsider.net':80
- 'hi####yfriend.net':80
- 'am####laughter.net':80
- 'hi####yconsider.net':80
- 'st####efriend.net':80
- 'we####rlaughter.net':80
- 'am####consider.net':80
- 'we####rconsider.net':80
- 'am###tfancy.net':80
- 'we####rfancy.net':80
- 'cl###friend.net':80
- 'co####eearly.net':80
- 'ch###safety.net':80
- 'co####esmell.net':80
- 'ch###early.net':80
- 'co####esafety.net':80
- 'of###smell.net':80
- 'al###smell.net':80
- 'ch###future.net':80
- 'co####efuture.net':80
- 'th###early.net':80
- 'pr####tearly.net':80
- 'th###smell.net':80
- 'pr####tsmell.net':80
- 'th###safety.net':80
- 'pr####tfuture.net':80
- 'ch###smell.net':80
- 'pr####tsafety.net':80
- 'th###future.net':80
- http://tw####safety.net/index.php?me########
- http://mi####future.net/index.php?me########
- http://tw###eearly.net/index.php?me########
- http://mi####safety.net/index.php?me########
- http://tw####future.net/index.php?me########
- http://ra###rearly.net/index.php?me########
- http://mo####gearly.net/index.php?me########
- http://ra###rsmell.net/index.php?me########
- http://mo####gsmell.net/index.php?me########
- http://of###safety.net/index.php?me########
- http://al###safety.net/index.php?me########
- http://of###early.net/index.php?me########
- http://al###early.net/index.php?me########
- http://of###future.net/index.php?me########
- http://tw###esmell.net/index.php?me########
- http://mi###eearly.net/index.php?me########
- http://al###future.net/index.php?me########
- http://mi###esmell.net/index.php?me########
- http://ra####safety.net/index.php?me########
- http://am###tsmell.net/index.php?me########
- http://we####rsmell.net/index.php?me########
- http://st####efuture.net/index.php?me########
- http://hi####yfuture.net/index.php?me########
- http://am###tearly.net/index.php?me########
- http://we####rsafety.net/index.php?me########
- http://am####future.net/index.php?me########
- http://we####rearly.net/index.php?me########
- http://am####safety.net/index.php?me########
- http://mo####gfuture.net/index.php?me########
- http://st####esmell.net/index.php?me########
- http://mo####gsafety.net/index.php?me########
- http://ra####future.net/index.php?me########
- http://hi####ysmell.net/index.php?me########
- http://st####esafety.net/index.php?me########
- http://hi####ysafety.net/index.php?me########
- http://st####eearly.net/index.php?me########
- http://hi####yearly.net/index.php?me########
- http://th####aughter.net/index.php?me########
- http://cl####aughter.net/index.php?me########
- http://am####friend.net/index.php?me########
- http://we####rfriend.net/index.php?me########
- http://th###fancy.net/index.php?me########
- http://cl####onsider.net/index.php?me########
- http://th###friend.net/index.php?me########
- http://cl###fancy.net/index.php?me########
- http://th####onsider.net/index.php?me########
- http://hi####yfriend.net/index.php?me########
- http://am####laughter.net/index.php?me########
- http://hi####yconsider.net/index.php?me########
- http://st####efriend.net/index.php?me########
- http://we####rlaughter.net/index.php?me########
- http://am####consider.net/index.php?me########
- http://we####rconsider.net/index.php?me########
- http://am###tfancy.net/index.php?me########
- http://we####rfancy.net/index.php?me########
- http://cl###friend.net/index.php?me########
- http://co####eearly.net/index.php?me########
- http://ch###safety.net/index.php?me########
- http://co####esmell.net/index.php?me########
- http://ch###early.net/index.php?me########
- http://co####esafety.net/index.php?me########
- http://of###smell.net/index.php?me########
- http://al###smell.net/index.php?me########
- http://ch###future.net/index.php?me########
- http://co####efuture.net/index.php?me########
- http://th###early.net/index.php?me########
- http://pr####tearly.net/index.php?me########
- http://th###smell.net/index.php?me########
- http://pr####tsmell.net/index.php?me########
- http://th###safety.net/index.php?me########
- http://pr####tfuture.net/index.php?me########
- http://ch###smell.net/index.php?me########
- http://pr####tsafety.net/index.php?me########
- http://th###future.net/index.php?me########
- DNS ASK mi####future.net
- DNS ASK tw####future.net
- DNS ASK mi####safety.net
- DNS ASK tw####safety.net
- DNS ASK ra###rsmell.net
- DNS ASK mo####gearly.net
- DNS ASK ra####safety.net
- DNS ASK mo####gsmell.net
- DNS ASK ra###rearly.net
- DNS ASK al###safety.net
- DNS ASK of###future.net
- DNS ASK al###early.net
- DNS ASK of###safety.net
- DNS ASK al###future.net
- DNS ASK mi###eearly.net
- DNS ASK tw###eearly.net
- DNS ASK mi###esmell.net
- DNS ASK tw###esmell.net
- DNS ASK mo####gsafety.net
- DNS ASK we####rsmell.net
- DNS ASK am###tearly.net
- DNS ASK hi####yfuture.net
- DNS ASK am###tsmell.net
- DNS ASK we####rearly.net
- DNS ASK am####future.net
- DNS ASK we####rfuture.net
- DNS ASK am####safety.net
- DNS ASK we####rsafety.net
- DNS ASK st####esmell.net
- DNS ASK hi####ysmell.net
- DNS ASK ra####future.net
- DNS ASK mo####gfuture.net
- DNS ASK st####eearly.net
- DNS ASK hi####ysafety.net
- DNS ASK st####efuture.net
- DNS ASK hi####yearly.net
- DNS ASK st####esafety.net
- DNS ASK of###early.net
- DNS ASK th####aughter.net
- DNS ASK cl####aughter.net
- DNS ASK am####friend.net
- DNS ASK we####rfriend.net
- DNS ASK th###fancy.net
- DNS ASK cl####onsider.net
- DNS ASK th###friend.net
- DNS ASK cl###fancy.net
- DNS ASK th####onsider.net
- DNS ASK hi####yfriend.net
- DNS ASK am####laughter.net
- DNS ASK hi####yconsider.net
- DNS ASK st####efriend.net
- DNS ASK we####rlaughter.net
- DNS ASK am####consider.net
- DNS ASK we####rconsider.net
- DNS ASK am###tfancy.net
- DNS ASK we####rfancy.net
- DNS ASK cl###friend.net
- DNS ASK co####eearly.net
- DNS ASK ch###safety.net
- DNS ASK co####esmell.net
- DNS ASK ch###early.net
- DNS ASK co####esafety.net
- DNS ASK of###smell.net
- DNS ASK al###smell.net
- DNS ASK ch###future.net
- DNS ASK co####efuture.net
- DNS ASK th###early.net
- DNS ASK pr####tearly.net
- DNS ASK th###smell.net
- DNS ASK pr####tsmell.net
- DNS ASK th###safety.net
- DNS ASK pr####tfuture.net
- DNS ASK ch###smell.net
- DNS ASK pr####tsafety.net
- DNS ASK th###future.net
- ClassName: 'Shell_TrayWnd' WindowName: '' ('Shell_TrayWnd' is the window class of the Windows taskbar)