Technical Information
- [<HKLM>\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] 'Socket Protocol IPsec SPP Presentation Base' = 'C:\xgcjpkewc\edqsaee.exe'
- [<HKLM>\SYSTEM\ControlSet001\Services\Grouping Controls Process Task] 'ImagePath' = 'C:\xgcjpkewc\edqsaee.exe'
- [<HKLM>\SYSTEM\ControlSet001\Services\Grouping Controls Process Task] 'Start' = '00000002' (service start type 2: the service is started automatically at boot)
- 'C:\xgcjpkewc\kyzixzmi.exe' "c:\xgcjpkewc\edqsaee.exe"
- 'C:\xgcjpkewc\edqsaee.exe'
- 'C:\xgcjpkewc\jz2tc0tgayofmtzz.exe'
- C:\xgcjpkewc\edqsaee.exe
- C:\xgcjpkewc\kyzixzmi.exe
- C:\xgcjpkewc\jz2tc0tgayofmtzz.exe
- %WINDIR%\xgcjpkewc\gmcrvo
- C:\xgcjpkewc\gmcrvo
- C:\xgcjpkewc\kyzixzmi.exe
- C:\xgcjpkewc\edqsaee.exe
- C:\xgcjpkewc\jz2tc0tgayofmtzz.exe
- %WINDIR%\xgcjpkewc\gmcrvo
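- Note: the '#' runs in the host names below appear to be masking applied by the publisher rather than literal characters, so these entries cannot be used as exact-match indicators as printed.
- 'do####straight.net':80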
- 'pr####straight.net':80
- 'do####airplane.net':80
- 'pr####airplane.net':80
- 'do###rfence.net':80
- 'pr###yfence.net':80
- 'do###rguard.net':80
- 'pr###yguard.net':80
- 'st####traight.net':80
- 'mi####traight.net':80
- 'st####irplane.net':80
- 'mi####irplane.net':80
- 'st###fence.net':80
- 'mi###fence.net':80
- 'st###guard.net':80
- 'mi###guard.net':80
- 'fe####airplane.net':80
- 're###tguard.net':80
- 'br###nfence.net':80
- 're####straight.net':80
- 'br###nguard.net':80
- 'de####airplane.net':80
- 'pr####estraight.net':80
- 're###tfence.net':80
- 'pr####eairplane.net':80
- 'do###eguard.net':80
- 'fe###wfence.net':80
- 'fe####straight.net':80
- 'fe###wguard.net':80
- 're####airplane.net':80
- 'br####straight.net':80
- 'do###efence.net':80
- 'br####airplane.net':80
- 'ev####gfence.net':80
- 'st####thfound.net':80
- 'st###found.net':80
- 'pr####ebanker.net':80
- 'de####banker.net':80
- 'st####thsuccess.net':80
- 'st####uccess.net':80
- 'st####thspring.net':80
- 'st###spring.net':80
- 'pr####efound.net':80
- 'de###efound.net':80
- 'br####banker.net':80
- 're####banker.net':80
- 'pr####esuccess.net':80
- 'de####success.net':80
- 'pr####espring.net':80
- 'de####spring.net':80
- 'st####thbanker.net':80
- 'ev####gairplane.net':80
- 'bu#####gstraight.net':80
- 'ou####efence.net':80
- 'bu#####gairplane.net':80
- 'ev####gguard.net':80
- 'bu####ngfence.net':80
- 'ev####gstraight.net':80
- 'bu####ngguard.net':80
- 'ou####eairplane.net':80
- 'mo#####tstraight.net':80
- 'st###banker.net':80
- 'mo#####tairplane.net':80
- 'ou####eguard.net':80
- 'mo####ntfence.net':80
- 'ou####estraight.net':80
- 'mo####ntguard.net':80
- http://do####straight.net/index.php
- http://pr####straight.net/index.php
- http://do####airplane.net/index.php
- http://pr####airplane.net/index.php
- http://do###rfence.net/index.php
- http://pr###yfence.net/index.php
- http://do###rguard.net/index.php
- http://pr###yguard.net/index.php
- http://st####traight.net/index.php
- http://mi####traight.net/index.php
- http://st####irplane.net/index.php
- http://mi####irplane.net/index.php
- http://st###fence.net/index.php
- http://mi###fence.net/index.php
- http://st###guard.net/index.php
- http://mi###guard.net/index.php
- http://fe####airplane.net/index.php
- http://re###tguard.net/index.php
- http://br###nfence.net/index.php
- http://re####straight.net/index.php
- http://br###nguard.net/index.php
- http://de####airplane.net/index.php
- http://pr####estraight.net/index.php
- http://re###tfence.net/index.php
- http://pr####eairplane.net/index.php
- http://do###eguard.net/index.php
- http://fe###wfence.net/index.php
- http://fe####straight.net/index.php
- http://fe###wguard.net/index.php
- http://re####airplane.net/index.php
- http://br####straight.net/index.php
- http://do###efence.net/index.php
- http://br####airplane.net/index.php
- http://ev####gfence.net/index.php
- http://st####thfound.net/index.php
- http://st###found.net/index.php
- http://pr####ebanker.net/index.php
- http://de####banker.net/index.php
- http://st####thsuccess.net/index.php
- http://st####uccess.net/index.php
- http://st####thspring.net/index.php
- http://st###spring.net/index.php
- http://pr####efound.net/index.php
- http://de###efound.net/index.php
- http://br####banker.net/index.php
- http://re####banker.net/index.php
- http://pr####esuccess.net/index.php
- http://de####success.net/index.php
- http://pr####espring.net/index.php
- http://de####spring.net/index.php
- http://st####thbanker.net/index.php
- http://ev####gairplane.net/index.php
- http://bu#####gstraight.net/index.php
- http://ou####efence.net/index.php
- http://bu#####gairplane.net/index.php
- http://ev####gguard.net/index.php
- http://bu####ngfence.net/index.php
- http://ev####gstraight.net/index.php
- http://bu####ngguard.net/index.php
- http://ou####eairplane.net/index.php
- http://mo#####tstraight.net/index.php
- http://st###banker.net/index.php
- http://mo#####tairplane.net/index.php
- http://ou####eguard.net/index.php
- http://mo####ntfence.net/index.php
- http://ou####estraight.net/index.php
- http://mo####ntguard.net/index.php
- DNS ASK pr####straight.net
- DNS ASK do###rguard.net
- DNS ASK pr####airplane.net
- DNS ASK do####straight.net
- DNS ASK pr###yfence.net
- DNS ASK fe####airplane.net
- DNS ASK pr###yguard.net
- DNS ASK do###rfence.net
- DNS ASK do####airplane.net
- DNS ASK st####traight.net
- DNS ASK mi####traight.net
- DNS ASK st####irplane.net
- DNS ASK mi####irplane.net
- DNS ASK st###fence.net
- DNS ASK mi###fence.net
- DNS ASK st###guard.net
- DNS ASK mi###guard.net
- DNS ASK br###nfence.net
- DNS ASK re###tfence.net
- DNS ASK br###nguard.net
- DNS ASK re###tguard.net
- DNS ASK pr####estraight.net
- DNS ASK de####straight.net
- DNS ASK pr####eairplane.net
- DNS ASK de####airplane.net
- DNS ASK re####straight.net
- DNS ASK do###eguard.net
- DNS ASK fe###wfence.net
- DNS ASK fe####straight.net
- DNS ASK fe###wguard.net
- DNS ASK re####airplane.net
- DNS ASK br####straight.net
- DNS ASK do###efence.net
- DNS ASK br####airplane.net
- DNS ASK st###found.net
- DNS ASK st####thspring.net
- DNS ASK de####banker.net
- DNS ASK st####thfound.net
- DNS ASK st####uccess.net
- DNS ASK st####thbanker.net
- DNS ASK st###spring.net
- DNS ASK st####thsuccess.net
- DNS ASK pr####ebanker.net
- DNS ASK pr####efound.net
- DNS ASK de###efound.net
- DNS ASK br####banker.net
- DNS ASK re####banker.net
- DNS ASK pr####esuccess.net
- DNS ASK de####success.net
- DNS ASK pr####espring.net
- DNS ASK de####spring.net
- DNS ASK bu#####gstraight.net
- DNS ASK ev####gstraight.net
- DNS ASK bu#####gairplane.net
- DNS ASK ev####gairplane.net
- DNS ASK bu####ngfence.net
- DNS ASK ev####gfence.net
- DNS ASK bu####ngguard.net
- DNS ASK ev####gguard.net
- DNS ASK ou####efence.net
- DNS ASK ou####eairplane.net
- DNS ASK mo#####tstraight.net
- DNS ASK st###banker.net
- DNS ASK mo#####tairplane.net
- DNS ASK ou####eguard.net
- DNS ASK mo####ntfence.net
- DNS ASK ou####estraight.net
- DNS ASK mo####ntguard.net
- ClassName: 'Shell_TrayWnd' WindowName: ''