Technical Information
- [<HKLM>\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] 'Multimedia WMI Color Resolution Profile' = '<SYSTEM32>\gxztaqz.exe'
- [<HKLM>\SYSTEM\ControlSet001\Services\CNG Visual WLAN Application] 'Start' = '00000002'
- Windows Security Center
- '<SYSTEM32>\kiywddwyym.exe' "<SYSTEM32>\gxztaqz.exe"
- '%WINDIR%\Temp\eko64hlc31bbgxj.exe' -r 22925 tcp
- '%TEMP%\eko64hlc2telgxjomr2zk.exe'
- '<SYSTEM32>\gxztaqz.exe'
- <SYSTEM32>\tvnipdhr\run
- <SYSTEM32>\tvnipdhr\rng
- %WINDIR%\Temp\eko64hlc31bbgxj.exe
- <SYSTEM32>\tvnipdhr\cfg
- <SYSTEM32>\kiywddwyym.exe
- %TEMP%\eko64hlc2telgxjomr2zk.exe
- <SYSTEM32>\tvnipdhr\tst
- <SYSTEM32>\gxztaqz.exe
- <SYSTEM32>\tvnipdhr\etc
- <SYSTEM32>\kiywddwyym.exe
- <SYSTEM32>\gxztaqz.exe
- %WINDIR%\Temp\eko64hlc31bbgxj.exe
- <DRIVERS>\etc\hosts
- %TEMP%\eko64hlc2telgxjomr2zk.exe