Technical Information
- [<HKLM>\System\CurrentControlSet\Services\IKEEXT] 'Start' = '00000002'
- [<HKLM>\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile] 'EnableFirewall' = '00000000'
- [<HKLM>\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile] 'EnableFirewall' = '00000000'
- %WINDIR%\syswow64\cmd.exe
- 'wf.##n.gmru.net':443
- '46.##4.49.169':5223
- DNS ASK wf.##n.gmru.net
- '<SYSTEM32>\wisptis.exe' /ManualLaunch;' (with hidden window)
- '%WINDIR%\syswow64\netsh.exe' advfirewall reset' (with hidden window)
- '%WINDIR%\syswow64\netsh.exe' advfirewall set allprofiles state off' (with hidden window)
- '%WINDIR%\syswow64\cmd.exe' /k route delete 46.174.49.169' (with hidden window)
- '<SYSTEM32>\wisptis.exe' /ManualLaunch;
- '%WINDIR%\syswow64\netsh.exe' advfirewall reset
- '%WINDIR%\syswow64\netsh.exe' advfirewall set allprofiles state off
- '%WINDIR%\syswow64\cmd.exe' /k route delete 46.174.49.169
- '%WINDIR%\syswow64\route.exe' delete 46.174.49.169