Technical Information
- [<HKLM>\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] 'Profile Offline Biometric' = 'C:\gxwlnwnewv\tzmvbslrl.exe'
- [<HKLM>\SYSTEM\ControlSet001\Services\Transaction Launcher Remote] 'Start' = '00000002'
- 'C:\gxwlnwnewv\znctrqyg.exe' "c:\gxwlnwnewv\tzmvbslrl.exe"
- 'C:\gxwlnwnewv\tzmvbslrl.exe'
- 'C:\gxwlnwnewv\ngx2m6mbepvi96fii.exe'
- C:\gxwlnwnewv\tzmvbslrl.exe
- C:\gxwlnwnewv\znctrqyg.exe
- C:\gxwlnwnewv\dq7juqfs
- %WINDIR%\gxwlnwnewv\nndvfara
- C:\gxwlnwnewv\nndvfara
- C:\gxwlnwnewv\ngx2m6mbepvi96fii.exe
- C:\gxwlnwnewv\znctrqyg.exe
- C:\gxwlnwnewv\tzmvbslrl.exe
- C:\gxwlnwnewv\ngx2m6mbepvi96fii.exe
- %WINDIR%\gxwlnwnewv\nndvfara
- 'ch###health.net':80
- 'co####ehealth.net':80
- 'ch####eparate.net':80
- 'co####eseparate.net':80
- 'ch####lothes.net':80
- 'co####edistant.net':80
- 'of####eparate.net':80
- 'co####eclothes.net':80
- 'ch####istant.net':80
- 'pr####tdistant.net':80
- 'th####eparate.net':80
- 'pr####tseparate.net':80
- 'th###future.net':80
- 'cl###future.net':80
- 'th###health.net':80
- 'pr####tclothes.net':80
- 'th####istant.net':80
- 'pr####thealth.net':80
- 'th####lothes.net':80
- 'tw####clothes.net':80
- 'mi####distant.net':80
- 'tw####health.net':80
- 'mi####clothes.net':80
- 'tw####distant.net':80
- 'ra####health.net':80
- 'mo####ghealth.net':80
- 'ra####separate.net':80
- 'mo####gseparate.net':80
- 'mi####health.net':80
- 'al###health.net':80
- 'of####lothes.net':80
- 'al####eparate.net':80
- 'of###health.net':80
- 'al####lothes.net':80
- 'mi####separate.net':80
- 'tw####separate.net':80
- 'of####istant.net':80
- 'al####istant.net':80
- 'ra####safety.net':80
- 'mo####gsafety.net':80
- 'ra###rearly.net':80
- 'mo####gearly.net':80
- 'ra####future.net':80
- 'hi####ysmell.net':80
- 'st####eearly.net':80
- 'mo####gfuture.net':80
- 'st####esmell.net':80
- 'mo####gsmell.net':80
- 'mi###eearly.net':80
- 'tw###eearly.net':80
- 'mi###esmell.net':80
- 'tw###esmell.net':80
- 'mi####safety.net':80
- 'tw####future.net':80
- 'ra###rsmell.net':80
- 'tw####safety.net':80
- 'mi####future.net':80
- 'we####rfuture.net':80
- 'th###smell.net':80
- 'we####rsafety.net':80
- 'am####future.net':80
- 'cl###smell.net':80
- 'th###safety.net':80
- 'cl###safety.net':80
- 'th###early.net':80
- 'cl###early.net':80
- 'am####safety.net':80
- 'hi####ysafety.net':80
- 'st####efuture.net':80
- 'hi####yearly.net':80
- 'st####esafety.net':80
- 'hi####yfuture.net':80
- 'am###tearly.net':80
- 'we####rearly.net':80
- 'am###tsmell.net':80
- 'we####rsmell.net':80
- http://ch###health.net/index.php?me########
- http://co####ehealth.net/index.php?me########
- http://ch####eparate.net/index.php?me########
- http://co####eseparate.net/index.php?me########
- http://ch####lothes.net/index.php?me########
- http://co####edistant.net/index.php?me########
- http://of####eparate.net/index.php?me########
- http://co####eclothes.net/index.php?me########
- http://ch####istant.net/index.php?me########
- http://pr####tdistant.net/index.php?me########
- http://th####eparate.net/index.php?me########
- http://pr####tseparate.net/index.php?me########
- http://th###future.net/index.php?me########
- http://cl###future.net/index.php?me########
- http://th###health.net/index.php?me########
- http://pr####tclothes.net/index.php?me########
- http://th####istant.net/index.php?me########
- http://pr####thealth.net/index.php?me########
- http://th####lothes.net/index.php?me########
- http://tw####clothes.net/index.php?me########
- http://mi####distant.net/index.php?me########
- http://tw####health.net/index.php?me########
- http://mi####clothes.net/index.php?me########
- http://tw####distant.net/index.php?me########
- http://ra####health.net/index.php?me########
- http://mo####ghealth.net/index.php?me########
- http://ra####separate.net/index.php?me########
- http://mo####gseparate.net/index.php?me########
- http://mi####health.net/index.php?me########
- http://al###health.net/index.php?me########
- http://of####lothes.net/index.php?me########
- http://al####eparate.net/index.php?me########
- http://of###health.net/index.php?me########
- http://al####lothes.net/index.php?me########
- http://mi####separate.net/index.php?me########
- http://tw####separate.net/index.php?me########
- http://of####istant.net/index.php?me########
- http://al####istant.net/index.php?me########
- http://ra####safety.net/index.php?me########
- http://mo####gsafety.net/index.php?me########
- http://ra###rearly.net/index.php?me########
- http://mo####gearly.net/index.php?me########
- http://ra####future.net/index.php?me########
- http://hi####ysmell.net/index.php?me########
- http://st####eearly.net/index.php?me########
- http://mo####gfuture.net/index.php?me########
- http://st####esmell.net/index.php?me########
- http://mo####gsmell.net/index.php?me########
- http://mi###eearly.net/index.php?me########
- http://tw###eearly.net/index.php?me########
- http://mi###esmell.net/index.php?me########
- http://tw###esmell.net/index.php?me########
- http://mi####safety.net/index.php?me########
- http://tw####future.net/index.php?me########
- http://ra###rsmell.net/index.php?me########
- http://tw####safety.net/index.php?me########
- http://mi####future.net/index.php?me########
- http://we####rfuture.net/index.php?me########
- http://th###smell.net/index.php?me########
- http://we####rsafety.net/index.php?me########
- http://am####future.net/index.php?me########
- http://cl###smell.net/index.php?me########
- http://th###safety.net/index.php?me########
- http://cl###safety.net/index.php?me########
- http://th###early.net/index.php?me########
- http://cl###early.net/index.php?me########
- http://am####safety.net/index.php?me########
- http://hi####ysafety.net/index.php?me########
- http://st####efuture.net/index.php?me########
- http://hi####yearly.net/index.php?me########
- http://st####esafety.net/index.php?me########
- http://hi####yfuture.net/index.php?me########
- http://am###tearly.net/index.php?me########
- http://we####rearly.net/index.php?me########
- http://am###tsmell.net/index.php?me########
- http://we####rsmell.net/index.php?me########
- DNS ASK ch###health.net
- DNS ASK co####ehealth.net
- DNS ASK ch####eparate.net
- DNS ASK co####eseparate.net
- DNS ASK ch####lothes.net
- DNS ASK co####edistant.net
- DNS ASK of####eparate.net
- DNS ASK co####eclothes.net
- DNS ASK ch####istant.net
- DNS ASK pr####tdistant.net
- DNS ASK th####eparate.net
- DNS ASK pr####tseparate.net
- DNS ASK th###future.net
- DNS ASK cl###future.net
- DNS ASK th###health.net
- DNS ASK pr####tclothes.net
- DNS ASK th####istant.net
- DNS ASK pr####thealth.net
- DNS ASK th####lothes.net
- DNS ASK tw####clothes.net
- DNS ASK mi####distant.net
- DNS ASK tw####health.net
- DNS ASK mi####clothes.net
- DNS ASK tw####distant.net
- DNS ASK ra####health.net
- DNS ASK mo####ghealth.net
- DNS ASK ra####separate.net
- DNS ASK mo####gseparate.net
- DNS ASK mi####health.net
- DNS ASK al###health.net
- DNS ASK of####lothes.net
- DNS ASK al####eparate.net
- DNS ASK of###health.net
- DNS ASK al####lothes.net
- DNS ASK mi####separate.net
- DNS ASK tw####separate.net
- DNS ASK of####istant.net
- DNS ASK al####istant.net
- DNS ASK ra####safety.net
- DNS ASK mo####gsafety.net
- DNS ASK ra###rearly.net
- DNS ASK mo####gearly.net
- DNS ASK ra####future.net
- DNS ASK hi####ysmell.net
- DNS ASK st####eearly.net
- DNS ASK mo####gfuture.net
- DNS ASK st####esmell.net
- DNS ASK mo####gsmell.net
- DNS ASK mi###eearly.net
- DNS ASK tw###eearly.net
- DNS ASK mi###esmell.net
- DNS ASK tw###esmell.net
- DNS ASK mi####safety.net
- DNS ASK tw####future.net
- DNS ASK ra###rsmell.net
- DNS ASK tw####safety.net
- DNS ASK mi####future.net
- DNS ASK we####rfuture.net
- DNS ASK th###smell.net
- DNS ASK we####rsafety.net
- DNS ASK am####future.net
- DNS ASK cl###smell.net
- DNS ASK th###safety.net
- DNS ASK cl###safety.net
- DNS ASK th###early.net
- DNS ASK cl###early.net
- DNS ASK am####safety.net
- DNS ASK hi####ysafety.net
- DNS ASK st####efuture.net
- DNS ASK hi####yearly.net
- DNS ASK st####esafety.net
- DNS ASK hi####yfuture.net
- DNS ASK am###tearly.net
- DNS ASK we####rearly.net
- DNS ASK am###tsmell.net
- DNS ASK we####rsmell.net
- ClassName: 'Shell_TrayWnd' WindowName: ''