Technical Information
- [<HKLM>\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] 'Tunneling Machine Player WebClient' = 'C:\vmgwawvbfky\giredozbwcw.exe'
- [<HKLM>\SYSTEM\ControlSet001\Services\Application Image Port Service] 'ImagePath' = 'C:\vmgwawvbfky\giredozbwcw.exe'
- [<HKLM>\SYSTEM\ControlSet001\Services\Application Image Port Service] 'Start' = '00000002' (start type 2: the service is configured to start automatically at boot)
- 'C:\vmgwawvbfky\niuybinv.exe' "c:\vmgwawvbfky\giredozbwcw.exe"
- 'C:\vmgwawvbfky\giredozbwcw.exe'
- 'C:\vmgwawvbfky\mw3bl4wjjszm5u.exe'
- C:\vmgwawvbfky\giredozbwcw.exe
- C:\vmgwawvbfky\niuybinv.exe
- C:\vmgwawvbfky\mw3bl4wjjszm5u.exe
- %WINDIR%\vmgwawvbfky\bjdbhp
- C:\vmgwawvbfky\bjdbhp
- C:\vmgwawvbfky\niuybinv.exe
- C:\vmgwawvbfky\giredozbwcw.exe
- C:\vmgwawvbfky\mw3bl4wjjszm5u.exe
- %WINDIR%\vmgwawvbfky\bjdbhp
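- 'ge#####anbusiness.net':80 (in this and the following host names and URLs, '#' appears to stand for characters masked in the published report, so the names are partial rather than literal indicators)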
- 'al####ybusiness.net':80
- 'ge#####ananother.net':80
- 'al####yanother.net':80
- 'fo####manner.net':80
- 'me####manner.net':80
- 'ge####manappear.net':80
- 'al####yappear.net':80
- 'fr####usiness.net':80
- 'ex#####ncebusiness.net':80
- 'fr####nother.net':80
- 'ex#####nceanother.net':80
- 'ge####manmanner.net':80
- 'al####ymanner.net':80
- 'fr###appear.net':80
- 'ex#####nceappear.net':80
- 'be####usiness.net':80
- 'kn####usiness.net':80
- 'be####nother.net':80
- 'kn####nother.net':80
- 'su####manner.net':80
- 'cr###manner.net':80
- 'be###appear.net':80
- 'kn###appear.net':80
- 'fo####business.net':80
- 'me####business.net':80
- 'fo####another.net':80
- 'me####another.net':80
- 'be###manner.net':80
- 'kn###manner.net':80
- 'fo####appear.net':80
- 'me####appear.net':80
- 'ex#####ncemanner.net':80
- 'wa####othing.net':80
- 'th####tbottle.net':80
- 'wa###stream.net':80
- 'th####tnothing.net':80
- 'wa###divide.net':80
- 'wo###stream.net':80
- 'wa###bottle.net':80
- 'th####tdivide.net':80
- 'cr####othing.net':80
- 'su####bottle.net':80
- 'cr###stream.net':80
- 'su####nothing.net':80
- 'cr###divide.net':80
- 'th####tstream.net':80
- 'cr###bottle.net':80
- 'su####divide.net':80
- 'fi####othing.net':80
- 'pa###bottle.net':80
- 'fi###stream.net':80
- 'pa####othing.net':80
- 'fi###divide.net':80
- 'fr###manner.net':80
- 'fi###bottle.net':80
- 'pa###divide.net':80
- 'sm####othing.net':80
- 'wo###bottle.net':80
- 'sm###stream.net':80
- 'wo####othing.net':80
- 'sm###divide.net':80
- 'pa###stream.net':80
- 'sm###bottle.net':80
- 'wo###divide.net':80
- http://ge#####anbusiness.net/index.php
- http://al####ybusiness.net/index.php
- http://ge#####ananother.net/index.php
- http://al####yanother.net/index.php
- http://fo####manner.net/index.php
- http://me####manner.net/index.php
- http://ge####manappear.net/index.php
- http://al####yappear.net/index.php
- http://fr####usiness.net/index.php
- http://ex#####ncebusiness.net/index.php
- http://fr####nother.net/index.php
- http://ex#####nceanother.net/index.php
- http://ge####manmanner.net/index.php
- http://al####ymanner.net/index.php
- http://fr###appear.net/index.php
- http://ex#####nceappear.net/index.php
- http://be####usiness.net/index.php
- http://kn####usiness.net/index.php
- http://be####nother.net/index.php
- http://kn####nother.net/index.php
- http://su####manner.net/index.php
- http://cr###manner.net/index.php
- http://be###appear.net/index.php
- http://kn###appear.net/index.php
- http://fo####business.net/index.php
- http://me####business.net/index.php
- http://fo####another.net/index.php
- http://me####another.net/index.php
- http://be###manner.net/index.php
- http://kn###manner.net/index.php
- http://fo####appear.net/index.php
- http://me####appear.net/index.php
- http://ex#####ncemanner.net/index.php
- http://wa####othing.net/index.php
- http://th####tbottle.net/index.php
- http://wa###stream.net/index.php
- http://th####tnothing.net/index.php
- http://wa###divide.net/index.php
- http://wo###stream.net/index.php
- http://wa###bottle.net/index.php
- http://th####tdivide.net/index.php
- http://cr####othing.net/index.php
- http://su####bottle.net/index.php
- http://cr###stream.net/index.php
- http://su####nothing.net/index.php
- http://cr###divide.net/index.php
- http://th####tstream.net/index.php
- http://cr###bottle.net/index.php
- http://su####divide.net/index.php
- http://fi####othing.net/index.php
- http://pa###bottle.net/index.php
- http://fi###stream.net/index.php
- http://pa####othing.net/index.php
- http://fi###divide.net/index.php
- http://fr###manner.net/index.php
- http://fi###bottle.net/index.php
- http://pa###divide.net/index.php
- http://sm####othing.net/index.php
- http://wo###bottle.net/index.php
- http://sm###stream.net/index.php
- http://wo####othing.net/index.php
- http://sm###divide.net/index.php
- http://pa###stream.net/index.php
- http://sm###bottle.net/index.php
- http://wo###divide.net/index.php
- DNS ASK ge#####anbusiness.net
- DNS ASK al####ybusiness.net
- DNS ASK ge#####ananother.net
- DNS ASK al####yanother.net
- DNS ASK fo####manner.net
- DNS ASK me####manner.net
- DNS ASK ge####manappear.net
- DNS ASK al####yappear.net
- DNS ASK fr####usiness.net
- DNS ASK ex#####ncebusiness.net
- DNS ASK fr####nother.net
- DNS ASK ex#####nceanother.net
- DNS ASK ge####manmanner.net
- DNS ASK al####ymanner.net
- DNS ASK fr###appear.net
- DNS ASK ex#####nceappear.net
- DNS ASK fo####another.net
- DNS ASK kn####usiness.net
- DNS ASK be###appear.net
- DNS ASK kn####nother.net
- DNS ASK be####usiness.net
- DNS ASK cr###manner.net
- DNS ASK su####another.net
- DNS ASK kn###appear.net
- DNS ASK su####manner.net
- DNS ASK me####business.net
- DNS ASK fo####appear.net
- DNS ASK me####another.net
- DNS ASK fo####business.net
- DNS ASK kn###manner.net
- DNS ASK be####nother.net
- DNS ASK me####appear.net
- DNS ASK be###manner.net
- DNS ASK wa####othing.net
- DNS ASK th####tbottle.net
- DNS ASK wa###stream.net
- DNS ASK th####tnothing.net
- DNS ASK wa###divide.net
- DNS ASK wo###stream.net
- DNS ASK wa###bottle.net
- DNS ASK th####tdivide.net
- DNS ASK cr####othing.net
- DNS ASK su####bottle.net
- DNS ASK cr###stream.net
- DNS ASK su####nothing.net
- DNS ASK cr###divide.net
- DNS ASK th####tstream.net
- DNS ASK cr###bottle.net
- DNS ASK su####divide.net
- DNS ASK sm###stream.net
- DNS ASK pa###bottle.net
- DNS ASK fi###bottle.net
- DNS ASK pa####othing.net
- DNS ASK fi####othing.net
- DNS ASK fr###manner.net
- DNS ASK ex#####ncemanner.net
- DNS ASK pa###divide.net
- DNS ASK fi###divide.net
- DNS ASK wo###bottle.net
- DNS ASK sm###bottle.net
- DNS ASK wo####othing.net
- DNS ASK sm####othing.net
- DNS ASK pa###stream.net
- DNS ASK fi###stream.net
- DNS ASK wo###divide.net
- DNS ASK sm###divide.net
- ClassName: 'Shell_TrayWnd' WindowName: ''