Technical Information
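Autorun persistence (registry Run key under HKLM; the listed executable is launched at user logon):
- [<HKLM>\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] 'Detection DHCP Extender Interactive' = 'C:\jfvvcivgf\mbytbnsbetwp.exe'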
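Service registration ('Start' = 2 is the automatic-start setting, so the service is loaded at boot):
- [<HKLM>\SYSTEM\ControlSet001\Services\Keying Auto NGEN Store SPP] 'Start' = '00000002'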
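Process command lines (presumably the processes started by the sample; the section heading is missing from this copy):
- 'C:\jfvvcivgf\umjbqoc.exe' "c:\jfvvcivgf\mbytbnsbetwp.exe"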
- 'C:\jfvvcivgf\mbytbnsbetwp.exe'
- 'C:\jfvvcivgf\fukut2nuystztvypdc1.exe'
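File system paths (the repeats presumably come from separate sub-lists, such as created, modified and deleted files, whose headings are missing from this copy):
- C:\jfvvcivgf\mbytbnsbetwp.exe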
- C:\jfvvcivgf\umjbqoc.exe
- C:\jfvvcivgf\i6ohfr17
- %WINDIR%\jfvvcivgf\whjjbknaqh
- C:\jfvvcivgf\whjjbknaqh
- C:\jfvvcivgf\fukut2nuystztvypdc1.exe
- C:\jfvvcivgf\umjbqoc.exe
- C:\jfvvcivgf\mbytbnsbetwp.exe
- C:\jfvvcivgf\fukut2nuystztvypdc1.exe
- %WINDIR%\jfvvcivgf\whjjbknaqh
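Network connections (host:port; parts of each domain name are masked with '#' in the report). The many two-word .net names are consistent with a dictionary-based domain generation algorithm, so detection is better keyed on the naming pattern and the shared request path than on any single domain:
- 'or###found.net':80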
- 're####efound.net':80
- 'pl####ntbanker.net':80
- 'ne####arybanker.net':80
- 'or###spring.net':80
- 're####esuccess.net':80
- 'or###banker.net':80
- 're####espring.net':80
- 'or####uccess.net':80
- 'ne#####rysuccess.net':80
- 'di####ultbanker.net':80
- 'he###banker.net':80
- 'di#####ltsuccess.net':80
- 'he####uccess.net':80
- 'pl####ntfound.net':80
- 'ne####aryspring.net':80
- 'pl####ntsuccess.net':80
- 'ne####aryfound.net':80
- 'pl####ntspring.net':80
- 're####ebanker.net':80
- 'va####sfound.net':80
- 're###nfound.net':80
- 'ge####success.net':80
- 'ge####banker.net':80
- 'va####sspring.net':80
- 're####success.net':80
- 'va####sbanker.net':80
- 're####spring.net':80
- 'va####ssuccess.net':80
- 'ge####spring.net':80
- 'le####spring.net':80
- 'he####spring.net':80
- 'le###rfound.net':80
- 'he###nfound.net':80
- 'le####success.net':80
- 'he####banker.net':80
- 'ge###efound.net':80
- 'he####success.net':80
- 'le####banker.net':80
- 're####settle.net':80
- 'va####slanguage.net':80
- 'ge####before.net':80
- 'va####ssettle.net':80
- 're####language.net':80
- 'va####sbefore.net':80
- 're####before.net':80
- 'va####sdevice.net':80
- 're####device.net':80
- 'he###before.net':80
- 'he####before.net':80
- 'he###settle.net':80
- 'he####device.net':80
- 'le####before.net':80
- 'ge####settle.net':80
- 'he###device.net':80
- 'ge####device.net':80
- 'he####anguage.net':80
- 'ge####language.net':80
- 'de###efound.net':80
- 'gl####uccess.net':80
- 'an####banker.net':80
- 'gl###spring.net':80
- 'an####success.net':80
- 'gl###banker.net':80
- 'di####ultspring.net':80
- 'he###spring.net':80
- 'di####ultfound.net':80
- 'he###found.net':80
- 'an####spring.net':80
- 'fo####dspring.net':80
- 'de####success.net':80
- 'fo####dfound.net':80
- 'de####spring.net':80
- 'fo####dsuccess.net':80
- 'an###rfound.net':80
- 'gl###found.net':80
- 'de####banker.net':80
- 'fo####dbanker.net':80
HTTP requests (same hosts as above; the query string after 'index.php?' is masked in the report):
- http://or###found.net/index.php?me########
- http://re####efound.net/index.php?me########
- http://pl####ntbanker.net/index.php?me########
- http://ne####arybanker.net/index.php?me########
- http://or###spring.net/index.php?me########
- http://re####esuccess.net/index.php?me########
- http://or###banker.net/index.php?me########
- http://re####espring.net/index.php?me########
- http://or####uccess.net/index.php?me########
- http://ne#####rysuccess.net/index.php?me########
- http://di####ultbanker.net/index.php?me########
- http://he###banker.net/index.php?me########
- http://di#####ltsuccess.net/index.php?me########
- http://he####uccess.net/index.php?me########
- http://pl####ntfound.net/index.php?me########
- http://ne####aryspring.net/index.php?me########
- http://pl####ntsuccess.net/index.php?me########
- http://ne####aryfound.net/index.php?me########
- http://pl####ntspring.net/index.php?me########
- http://re####ebanker.net/index.php?me########
- http://va####sfound.net/index.php?me########
- http://re###nfound.net/index.php?me########
- http://ge####success.net/index.php?me########
- http://ge####banker.net/index.php?me########
- http://va####sspring.net/index.php?me########
- http://re####success.net/index.php?me########
- http://va####sbanker.net/index.php?me########
- http://re####spring.net/index.php?me########
- http://va####ssuccess.net/index.php?me########
- http://ge####spring.net/index.php?me########
- http://le####spring.net/index.php?me########
- http://he####spring.net/index.php?me########
- http://le###rfound.net/index.php?me########
- http://he###nfound.net/index.php?me########
- http://le####success.net/index.php?me########
- http://he####banker.net/index.php?me########
- http://ge###efound.net/index.php?me########
- http://he####success.net/index.php?me########
- http://le####banker.net/index.php?me########
- http://re####settle.net/index.php?me########
- http://va####slanguage.net/index.php?me########
- http://ge####before.net/index.php?me########
- http://va####ssettle.net/index.php?me########
- http://re####language.net/index.php?me########
- http://va####sbefore.net/index.php?me########
- http://re####before.net/index.php?me########
- http://va####sdevice.net/index.php?me########
- http://re####device.net/index.php?me########
- http://he###before.net/index.php?me########
- http://he####before.net/index.php?me########
- http://he###settle.net/index.php?me########
- http://he####device.net/index.php?me########
- http://le####before.net/index.php?me########
- http://ge####settle.net/index.php?me########
- http://he###device.net/index.php?me########
- http://ge####device.net/index.php?me########
- http://he####anguage.net/index.php?me########
- http://ge####language.net/index.php?me########
- http://de###efound.net/index.php?me########
- http://gl####uccess.net/index.php?me########
- http://an####banker.net/index.php?me########
- http://gl###spring.net/index.php?me########
- http://an####success.net/index.php?me########
- http://gl###banker.net/index.php?me########
- http://di####ultspring.net/index.php?me########
- http://he###spring.net/index.php?me########
- http://di####ultfound.net/index.php?me########
- http://he###found.net/index.php?me########
- http://an####spring.net/index.php?me########
- http://fo####dspring.net/index.php?me########
- http://de####success.net/index.php?me########
- http://fo####dfound.net/index.php?me########
- http://de####spring.net/index.php?me########
- http://fo####dsuccess.net/index.php?me########
- http://an###rfound.net/index.php?me########
- http://gl###found.net/index.php?me########
- http://de####banker.net/index.php?me########
- http://fo####dbanker.net/index.php?me########
DNS queries:
- DNS ASK re####efound.net
- DNS ASK or###spring.net
- DNS ASK ne####arybanker.net
- DNS ASK or###found.net
- DNS ASK re####espring.net
- DNS ASK or###banker.net
- DNS ASK re####ebanker.net
- DNS ASK or####uccess.net
- DNS ASK re####esuccess.net
- DNS ASK pl####ntbanker.net
- DNS ASK he###banker.net
- DNS ASK pl####ntfound.net
- DNS ASK he####uccess.net
- DNS ASK di####ultbanker.net
- DNS ASK ne####aryfound.net
- DNS ASK pl####ntsuccess.net
- DNS ASK ne#####rysuccess.net
- DNS ASK pl####ntspring.net
- DNS ASK ne####aryspring.net
- DNS ASK le###rfound.net
- DNS ASK re###nfound.net
- DNS ASK va####sspring.net
- DNS ASK ge####banker.net
- DNS ASK va####sfound.net
- DNS ASK re####spring.net
- DNS ASK va####sbanker.net
- DNS ASK re####banker.net
- DNS ASK va####ssuccess.net
- DNS ASK re####success.net
- DNS ASK ge####success.net
- DNS ASK he####spring.net
- DNS ASK le####success.net
- DNS ASK he###nfound.net
- DNS ASK le####spring.net
- DNS ASK he####success.net
- DNS ASK ge###efound.net
- DNS ASK ge####spring.net
- DNS ASK le####banker.net
- DNS ASK he####banker.net
- DNS ASK di#####ltsuccess.net
- DNS ASK re####settle.net
- DNS ASK va####slanguage.net
- DNS ASK ge####before.net
- DNS ASK va####ssettle.net
- DNS ASK re####language.net
- DNS ASK va####sbefore.net
- DNS ASK re####before.net
- DNS ASK va####sdevice.net
- DNS ASK re####device.net
- DNS ASK he###before.net
- DNS ASK he####before.net
- DNS ASK he###settle.net
- DNS ASK he####device.net
- DNS ASK le####before.net
- DNS ASK ge####settle.net
- DNS ASK he###device.net
- DNS ASK ge####device.net
- DNS ASK he####anguage.net
- DNS ASK ge####language.net
- DNS ASK de###efound.net
- DNS ASK gl####uccess.net
- DNS ASK an####banker.net
- DNS ASK gl###spring.net
- DNS ASK an####success.net
- DNS ASK gl###banker.net
- DNS ASK di####ultspring.net
- DNS ASK he###spring.net
- DNS ASK di####ultfound.net
- DNS ASK he###found.net
- DNS ASK an####spring.net
- DNS ASK fo####dspring.net
- DNS ASK de####success.net
- DNS ASK fo####dfound.net
- DNS ASK de####spring.net
- DNS ASK fo####dsuccess.net
- DNS ASK an###rfound.net
- DNS ASK gl###found.net
- DNS ASK de####banker.net
- DNS ASK fo####dbanker.net
Window lookup by class name (Shell_TrayWnd is the window class of the Windows taskbar):
- ClassName: 'Shell_TrayWnd' WindowName: ''