Technical Information (observed behavior: registry, process, file and network indicators; host names and the IP address below are partially masked with '#' characters as published)
- [<HKLM>\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] 'Hardware Policy BranchCache Management ActiveX' = '<SYSTEM32>\xgurhwiz.exe'
- [<HKLM>\SYSTEM\ControlSet001\Services\Hardware Network Gateway Distributed] 'Start' = '00000002'
- Windows Security Center
- '<SYSTEM32>\pjnvnrcsg.exe' "<SYSTEM32>\xgurhwiz.exe"
- '%WINDIR%\Temp\fxmy2bqp347xxst.exe' -r 27572 tcp
- '%TEMP%\fxmy2bqp2xjwxstjrxvif.exe'
- '<SYSTEM32>\xgurhwiz.exe'
- <SYSTEM32>\ttbykbgrshz\run
- <SYSTEM32>\ttbykbgrshz\rng
- %WINDIR%\Temp\fxmy2bqp347xxst.exe
- <SYSTEM32>\ttbykbgrshz\cfg
- <SYSTEM32>\pjnvnrcsg.exe
- %TEMP%\fxmy2bqp2xjwxstjrxvif.exe
- <SYSTEM32>\ttbykbgrshz\tst
- <SYSTEM32>\xgurhwiz.exe
- <SYSTEM32>\ttbykbgrshz\etc
- <SYSTEM32>\pjnvnrcsg.exe
- <SYSTEM32>\xgurhwiz.exe
- %WINDIR%\Temp\fxmy2bqp347xxst.exe
- <DRIVERS>\etc\hosts
- %TEMP%\fxmy2bqp2xjwxstjrxvif.exe
- 'gr###only.net':80
- 'sp###feel.net':80
- 'eq###only.net':80
- 'eq###color.net':80
- 'gr###color.net':80
- 'sp###color.net':80
- 'vi###color.net':80
- 'vi###high.net':80
- 'vi###feel.net':80
- 'sp###high.net':80
- 'ta###color.net':80
- 'gl###nly.net':80
- 'gl###olor.net':80
- 'gl###igh.net':80
- 'ta###high.net':80
- 'eq###high.net':80
- 'gr###high.net':80
- 'gr###feel.net':80
- 'ta###only.net':80
- 'eq###feel.net':80
- 'sp###only.net':80
- 'dr###color.net':80
- 'th###olor.net':80
- 'th###igh.net':80
- 'th###eel.net':80
- 'dr###high.net':80
- 'so###half.net':80
- 'ar###name.net':80
- 'ar###half.net':80
- 'dr###only.net':80
- 'th###nly.net':80
- 'wa###high.net':80
- 'fa###igh.net':80
- 'fa###eel.net':80
- 'vi###only.net':80
- 'wa###feel.net':80
- 'fa###nly.net':80
- 'dr###feel.net':80
- 'wa###only.net':80
- 'wa###color.net':80
- 'fa###olor.net':80
- 'dr###tell.net':80
- 'th###ell.net':80
- 'th###ody.net':80
- 'th###ance.net':80
- 'dr###body.net':80
- 'so###high.net':80
- 'ar###color.net':80
- 'ar###high.net':80
- 'ar###feel.net':80
- 'so###feel.net':80
- 'de###lxc.com':80
- 'fa###ody.net':80
- 'be##lxc.com':80
- 'ri###nstorm.net':80
- 'af###sllc.com':80
- 'th###are.net':80
- 'dr###dance.net':80
- 'dr###dare.net':80
- 'wa###tell.net':80
- 'fa###ell.net':80
- 'so###color.net':80
- 'sa###igh.net':80
- 'sp###olor.net':80
- 'sp###igh.net':80
- 'sp###eel.net':80
- 'sa###eel.net':80
- 'gl###eel.net':80
- 'ta###feel.net':80
- 'sa###nly.net':80
- 'sa###olor.net':80
- 'sp###nly.net':80
- 'wh###feel.net':80
- 'up###igh.net':80
- 'up###eel.net':80
- 'ar###only.net':80
- 'so###only.net':80
- 'up###nly.net':80
- 'wh###only.net':80
- 'wh###color.net':80
- 'wh###high.net':80
- 'up###olor.net':80
- http://gr###only.net/index.php
- http://sp###feel.net/index.php
- http://eq###only.net/index.php
- http://eq###color.net/index.php
- http://gr###color.net/index.php
- http://sp###color.net/index.php
- http://vi###color.net/index.php
- http://vi###high.net/index.php
- http://vi###feel.net/index.php
- http://sp###high.net/index.php
- http://ta###color.net/index.php
- http://gl###nly.net/index.php
- http://gl###olor.net/index.php
- http://gl###igh.net/index.php
- http://ta###high.net/index.php
- http://eq###high.net/index.php
- http://gr###high.net/index.php
- http://gr###feel.net/index.php
- http://ta###only.net/index.php
- http://eq###feel.net/index.php
- http://sp###only.net/index.php
- http://dr###color.net/index.php
- http://th###olor.net/index.php
- http://th###igh.net/index.php
- http://th###eel.net/index.php
- http://dr###high.net/index.php
- http://so###half.net/index.php
- http://ar###name.net/index.php
- http://ar###half.net/index.php
- http://dr###only.net/index.php
- http://th###nly.net/index.php
- http://wa###high.net/index.php
- http://fa###igh.net/index.php
- http://fa###eel.net/index.php
- http://vi###only.net/index.php
- http://wa###feel.net/index.php
- http://fa###nly.net/index.php
- http://dr###feel.net/index.php
- http://wa###only.net/index.php
- http://wa###color.net/index.php
- http://fa###olor.net/index.php
- http://dr###tell.net/index.php
- http://th###ell.net/index.php
- http://th###ody.net/index.php
- http://th###ance.net/index.php
- http://dr###body.net/index.php
- http://so###high.net/index.php
- http://ar###color.net/index.php
- http://ar###high.net/index.php
- http://ar###feel.net/index.php
- http://so###feel.net/index.php
- http://de###lxc.com/index.php
- http://fa###ody.net/index.php
- http://be##lxc.com/index.php
- http://ri###nstorm.net/index.php
- http://af###sllc.com/index.php
- http://th###are.net/index.php
- http://dr###dance.net/index.php
- http://dr###dare.net/index.php
- http://wa###tell.net/index.php
- http://fa###ell.net/index.php
- http://so###color.net/index.php
- http://sa###igh.net/index.php
- http://sp###olor.net/index.php
- http://sp###igh.net/index.php
- http://sp###eel.net/index.php
- http://sa###eel.net/index.php
- http://gl###eel.net/index.php
- http://ta###feel.net/index.php
- http://sa###nly.net/index.php
- http://sa###olor.net/index.php
- http://sp###nly.net/index.php
- http://wh###feel.net/index.php
- http://up###igh.net/index.php
- http://up###eel.net/index.php
- http://ar###only.net/index.php
- http://so###only.net/index.php
- http://up###nly.net/index.php
- http://wh###only.net/index.php
- http://wh###color.net/index.php
- http://wh###high.net/index.php
- http://up###olor.net/index.php
- DNS ASK sp###feel.net
- DNS ASK vi###feel.net
- DNS ASK gr###only.net
- DNS ASK gr###color.net
- DNS ASK eq###only.net
- DNS ASK vi###color.net
- DNS ASK sp###only.net
- DNS ASK sp###color.net
- DNS ASK sp###high.net
- DNS ASK vi###high.net
- DNS ASK eq###color.net
- DNS ASK ta###color.net
- DNS ASK gl###nly.net
- DNS ASK gl###olor.net
- DNS ASK gl###igh.net
- DNS ASK ta###high.net
- DNS ASK eq###high.net
- DNS ASK gr###high.net
- DNS ASK gr###feel.net
- DNS ASK ta###only.net
- DNS ASK eq###feel.net
- DNS ASK th###olor.net
- DNS ASK dr###only.net
- DNS ASK dr###color.net
- DNS ASK dr###high.net
- DNS ASK th###igh.net
- DNS ASK ar###name.net
- DNS ASK so###name.net
- DNS ASK so###half.net
- DNS ASK th###nly.net
- DNS ASK ar###half.net
- DNS ASK th###eel.net
- DNS ASK wa###high.net
- DNS ASK fa###igh.net
- DNS ASK fa###eel.net
- DNS ASK vi###only.net
- DNS ASK wa###feel.net
- DNS ASK fa###nly.net
- DNS ASK dr###feel.net
- DNS ASK wa###only.net
- DNS ASK wa###color.net
- DNS ASK fa###olor.net
- DNS ASK dr###tell.net
- DNS ASK th###ell.net
- DNS ASK th###ody.net
- DNS ASK th###ance.net
- DNS ASK dr###body.net
- DNS ASK so###high.net
- DNS ASK ar###color.net
- DNS ASK ar###high.net
- DNS ASK ar###feel.net
- DNS ASK so###feel.net
- DNS ASK de###lxc.com
- DNS ASK fa###ody.net
- DNS ASK be##lxc.com
- DNS ASK ri###nstorm.net
- DNS ASK af###sllc.com
- DNS ASK th###are.net
- DNS ASK dr###dance.net
- DNS ASK dr###dare.net
- DNS ASK wa###tell.net
- DNS ASK fa###ell.net
- DNS ASK so###color.net
- DNS ASK sa###igh.net
- DNS ASK sp###olor.net
- DNS ASK sp###igh.net
- DNS ASK sp###eel.net
- DNS ASK sa###eel.net
- DNS ASK gl###eel.net
- DNS ASK ta###feel.net
- DNS ASK sa###nly.net
- DNS ASK sa###olor.net
- DNS ASK sp###nly.net
- DNS ASK wh###feel.net
- DNS ASK up###igh.net
- DNS ASK up###eel.net
- DNS ASK ar###only.net
- DNS ASK so###only.net
- DNS ASK up###nly.net
- DNS ASK wh###only.net
- DNS ASK wh###color.net
- DNS ASK wh###high.net
- DNS ASK up###olor.net
- '23#.#55.255.250':1900