Technical Information
- [<HKLM>\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] 'Logs Location IKE Base DHCP Manager Extensible' = '<SYSTEM32>\gectiykgi.exe' (Run key value: launched at each user logon)
- [<HKLM>\SYSTEM\ControlSet001\Services\Layer Machine Image Wired Tunneling Installer] 'ImagePath' = '<SYSTEM32>\gectiykgi.exe' (service entry pointing at the same executable as the Run value above)
- [<HKLM>\SYSTEM\ControlSet001\Services\Layer Machine Image Wired Tunneling Installer] 'Start' = '00000002' (service start type 2 = automatic start at boot)
- Windows Security Center
- '<SYSTEM32>\wmcrjngufq.exe' "<SYSTEM32>\gectiykgi.exe"
- '%WINDIR%\Temp\hjmzw7x2vmgtmrml.exe' -r 32715 tcp
- '%TEMP%\hjmzw7x2nu3tmrmltpicua8.exe'
- '<SYSTEM32>\gectiykgi.exe'
- <SYSTEM32>\blputhhbuwxgyp\run
- <SYSTEM32>\blputhhbuwxgyp\rng
- %WINDIR%\Temp\hjmzw7x2vmgtmrml.exe
- <SYSTEM32>\blputhhbuwxgyp\cfg
- <SYSTEM32>\wmcrjngufq.exe
- %TEMP%\hjmzw7x2nu3tmrmltpicua8.exe
- <SYSTEM32>\blputhhbuwxgyp\tst
- <SYSTEM32>\gectiykgi.exe
- <SYSTEM32>\blputhhbuwxgyp\etc
- <SYSTEM32>\wmcrjngufq.exe
- <SYSTEM32>\gectiykgi.exe
- %WINDIR%\Temp\hjmzw7x2vmgtmrml.exe
- <DRIVERS>\etc\hosts
- %TEMP%\hjmzw7x2nu3tmrmltpicua8.exe
- 'ar###free.net':80
- 'so###free.net':80
- 'th###nce.net':80
- 'th###oss.net':80
- 'dr###once.net':80
- 'so###other.net':80
- 'ar###wall.net':80
- 'ar###other.net':80
- 'ar###forty.net':80
- 'so###forty.net':80
- 'dr###loss.net':80
- 'fa###oss.net':80
- 'wa###once.net':80
- 'wa###loss.net':80
- 'wa###study.net':80
- 'fa###tudy.net':80
- 'dr###study.net':80
- 'th###tudy.net':80
- 'th###ncle.net':80
- 'fa###nce.net':80
- 'dr###uncle.net':80
- 'sa###ther.net':80
- 'sp###all.net':80
- 'sp###ther.net':80
- 'sp###orty.net':80
- 'sa###orty.net':80
- 'gl###orty.net':80
- 'ta###forty.net':80
- 'ta###free.net':80
- 'sa###all.net':80
- 'gl###ree.net':80
- 'sa###ree.net':80
- 'up###orty.net':80
- 'wh###forty.net':80
- 'wh###free.net':80
- 'so###wall.net':80
- 'up###ree.net':80
- 'wh###wall.net':80
- 'sp###ree.net':80
- 'up###all.net':80
- 'up###ther.net':80
- 'wh###other.net':80
- 'sp###nce.net':80
- 'sa###nce.net':80
- 'sa###oss.net':80
- 'al###being.net':80
- 'ri###nstorm.net':80
- 'ta###study.net':80
- 'gl###oss.net':80
- 'gl###tudy.net':80
- 'gl###ncle.net':80
- 'ta###uncle.net':80
- 'ca####nbring.net':80
- 'cr#####onaraminta.net':80
- 'le###form.net':80
- 'jo####ymeasure.net':80
- 'ef###tbuilt.net':80
- 'th###while.net':80
- 'mo###olor.net':80
- 'pr####tbottom.net':80
- 'ab###ell.net':80
- 'mo###ugust.net':80
- 'mi###hown.net':80
- 'vi###study.net':80
- 'sp###loss.net':80
- 'sp###study.net':80
- 'sp###uncle.net':80
- 'vi###uncle.net':80
- 'wa###uncle.net':80
- 'fa###ncle.net':80
- 'vi###once.net':80
- 'vi###loss.net':80
- 'sp###once.net':80
- 'gr###once.net':80
- 'eq###uncle.net':80
- 'gr###uncle.net':80
- 'ta###once.net':80
- 'ta###loss.net':80
- 'gl###nce.net':80
- 'gr###loss.net':80
- 'eq###once.net':80
- 'eq###loss.net':80
- 'eq###study.net':80
- 'gr###study.net':80
- http://ar###free.net/index.php
- http://so###free.net/index.php
- http://th###nce.net/index.php
- http://th###oss.net/index.php
- http://dr###once.net/index.php
- http://so###other.net/index.php
- http://ar###wall.net/index.php
- http://ar###other.net/index.php
- http://ar###forty.net/index.php
- http://so###forty.net/index.php
- http://dr###loss.net/index.php
- http://fa###oss.net/index.php
- http://wa###once.net/index.php
- http://wa###loss.net/index.php
- http://wa###study.net/index.php
- http://fa###tudy.net/index.php
- http://dr###study.net/index.php
- http://th###tudy.net/index.php
- http://th###ncle.net/index.php
- http://fa###nce.net/index.php
- http://dr###uncle.net/index.php
- http://sa###ther.net/index.php
- http://sp###all.net/index.php
- http://sp###ther.net/index.php
- http://sp###orty.net/index.php
- http://sa###orty.net/index.php
- http://gl###orty.net/index.php
- http://ta###forty.net/index.php
- http://ta###free.net/index.php
- http://sa###all.net/index.php
- http://gl###ree.net/index.php
- http://sa###ree.net/index.php
- http://up###orty.net/index.php
- http://wh###forty.net/index.php
- http://wh###free.net/index.php
- http://so###wall.net/index.php
- http://up###ree.net/index.php
- http://wh###wall.net/index.php
- http://sp###ree.net/index.php
- http://up###all.net/index.php
- http://up###ther.net/index.php
- http://wh###other.net/index.php
- http://sp###nce.net/index.php
- http://sa###nce.net/index.php
- http://sa###oss.net/index.php
- http://al###being.net/index.php
- http://ri###nstorm.net/index.php
- http://ta###study.net/index.php
- http://gl###oss.net/index.php
- http://gl###tudy.net/index.php
- http://gl###ncle.net/index.php
- http://ta###uncle.net/index.php
- http://ca####nbring.net/index.php
- http://cr#####onaraminta.net/index.php
- http://le###form.net/index.php
- http://jo####ymeasure.net/index.php
- http://ef###tbuilt.net/index.php
- http://th###while.net/index.php
- http://mo###olor.net/index.php
- http://pr####tbottom.net/index.php
- http://ab###ell.net/index.php
- http://mo###ugust.net/index.php
- http://mi###hown.net/index.php
- http://vi###study.net/index.php
- http://sp###loss.net/index.php
- http://sp###study.net/index.php
- http://sp###uncle.net/index.php
- http://vi###uncle.net/index.php
- http://wa###uncle.net/index.php
- http://fa###ncle.net/index.php
- http://vi###once.net/index.php
- http://vi###loss.net/index.php
- http://sp###once.net/index.php
- http://gr###once.net/index.php
- http://eq###uncle.net/index.php
- http://gr###uncle.net/index.php
- http://ta###once.net/index.php
- http://ta###loss.net/index.php
- http://gl###nce.net/index.php
- http://gr###loss.net/index.php
- http://eq###once.net/index.php
- http://eq###loss.net/index.php
- http://eq###study.net/index.php
- http://gr###study.net/index.php
- DNS ASK ar###free.net
- DNS ASK so###free.net
- DNS ASK th###nce.net
- DNS ASK th###oss.net
- DNS ASK dr###once.net
- DNS ASK so###other.net
- DNS ASK ar###wall.net
- DNS ASK ar###other.net
- DNS ASK ar###forty.net
- DNS ASK so###forty.net
- DNS ASK dr###loss.net
- DNS ASK fa###oss.net
- DNS ASK wa###once.net
- DNS ASK wa###loss.net
- DNS ASK wa###study.net
- DNS ASK fa###tudy.net
- DNS ASK dr###study.net
- DNS ASK th###tudy.net
- DNS ASK th###ncle.net
- DNS ASK fa###nce.net
- DNS ASK dr###uncle.net
- DNS ASK so###wall.net
- DNS ASK sp###all.net
- DNS ASK sa###all.net
- DNS ASK sa###ther.net
- DNS ASK sa###orty.net
- DNS ASK sp###ther.net
- DNS ASK ta###forty.net
- DNS ASK gl###ther.net
- DNS ASK gl###orty.net
- DNS ASK gl###ree.net
- DNS ASK ta###free.net
- DNS ASK sp###orty.net
- DNS ASK wh###forty.net
- DNS ASK up###ther.net
- DNS ASK up###orty.net
- DNS ASK up###ree.net
- DNS ASK wh###free.net
- DNS ASK sp###ree.net
- DNS ASK sa###ree.net
- DNS ASK wh###wall.net
- DNS ASK wh###other.net
- DNS ASK up###all.net
- DNS ASK sp###nce.net
- DNS ASK sa###nce.net
- DNS ASK sa###oss.net
- DNS ASK al###being.net
- DNS ASK ri###nstorm.net
- DNS ASK ta###study.net
- DNS ASK gl###oss.net
- DNS ASK gl###tudy.net
- DNS ASK gl###ncle.net
- DNS ASK ta###uncle.net
- DNS ASK ca####nbring.net
- DNS ASK cr#####onaraminta.net
- DNS ASK le###form.net
- DNS ASK jo####ymeasure.net
- DNS ASK ef###tbuilt.net
- DNS ASK th###while.net
- DNS ASK mo###olor.net
- DNS ASK pr####tbottom.net
- DNS ASK ab###ell.net
- DNS ASK mo###ugust.net
- DNS ASK mi###hown.net
- DNS ASK vi###study.net
- DNS ASK sp###loss.net
- DNS ASK sp###study.net
- DNS ASK sp###uncle.net
- DNS ASK vi###uncle.net
- DNS ASK wa###uncle.net
- DNS ASK fa###ncle.net
- DNS ASK vi###once.net
- DNS ASK vi###loss.net
- DNS ASK sp###once.net
- DNS ASK gr###once.net
- DNS ASK eq###uncle.net
- DNS ASK gr###uncle.net
- DNS ASK ta###once.net
- DNS ASK ta###loss.net
- DNS ASK gl###nce.net
- DNS ASK gr###loss.net
- DNS ASK eq###once.net
- DNS ASK eq###loss.net
- DNS ASK eq###study.net
- DNS ASK gr###study.net
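- '23#.#55.255.250':1900 (port 1900 is SSDP/UPnP discovery; the masked address is consistent with the SSDP multicast group, so this entry is likely local network discovery traffic rather than a remote host)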