Technical Information
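- Persistence entries (both point to the same executable; the Run-key value is launched at logon, and the service 'Start' value 2 is SERVICE_AUTO_START, i.e. started automatically at system startup):
- [<HKLM>\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] 'Performance WebClient Call Hardware SPP' = 'C:\glzyxcrx\reehond.exe'
- [<HKLM>\SYSTEM\ControlSet001\Services\Initiator Audio Layer Log ActiveX Software] 'ImagePath' = 'C:\glzyxcrx\reehond.exe'
- [<HKLM>\SYSTEM\ControlSet001\Services\Initiator Audio Layer Log ActiveX Software] 'Start' = '00000002'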
- 'C:\glzyxcrx\hgzjyat.exe' "c:\glzyxcrx\reehond.exe"
- 'C:\glzyxcrx\reehond.exe'
- 'C:\glzyxcrx\rzevr2pnmdpmkcjzzwak.exe'
- C:\glzyxcrx\reehond.exe
- C:\glzyxcrx\hgzjyat.exe
- C:\glzyxcrx\rzevr2pnmdpmkcjzzwak.exe
- %WINDIR%\glzyxcrx\w7cfr1s
- C:\glzyxcrx\w7cfr1s
- C:\glzyxcrx\hgzjyat.exe
- C:\glzyxcrx\reehond.exe
- C:\glzyxcrx\rzevr2pnmdpmkcjzzwak.exe
- %WINDIR%\glzyxcrx\w7cfr1s
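- Hosts contacted on port 80 ('#' is not a valid host-name character; it apparently masks part of each name, so these entries are partial patterns rather than complete domain names):
- 'mo####flower.net':80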
- 'si####minute.net':80
- 'la###corner.net':80
- 'si####flower.net':80
- 'mo####minute.net':80
- 'si####corner.net':80
- 'mo####corner.net':80
- 'si####special.net':80
- 'mo####special.net':80
- 'se####flower.net':80
- 'la###flower.net':80
- 'se####lbottom.net':80
- 'ma####albottom.net':80
- 'se####minute.net':80
- 'la####pecial.net':80
- 'se####corner.net':80
- 'la###minute.net':80
- 'se####special.net':80
- 'mo####inflower.net':80
- 'pe####sspecial.net':80
- 'wi####special.net':80
- 'pe####sminute.net':80
- 'wi####minute.net':80
- 'pe####scorner.net':80
- 'su####tminute.net':80
- 'su####tspecial.net':80
- 'wi####corner.net':80
- 'su####tflower.net':80
- 'po####leminute.net':80
- 'mo####inspecial.net':80
- 'po####leflower.net':80
- 'mo####inminute.net':80
- 'po####lespecial.net':80
- 'pe####sflower.net':80
- 'wi####flower.net':80
- 'mo####incorner.net':80
- 'po####lecorner.net':80
- 'wi###rbeing.net':80
- 'su####tbeing.net':80
- 'wi####bottom.net':80
- 'su####tbeyond.net':80
- 'su####tforever.net':80
- 'le###beyond.net':80
- 'fi###hbeing.net':80
- 'su####tbottom.net':80
- 'fi####beyond.net':80
- 'pe####sbeyond.net':80
- 'wi####beyond.net':80
- 'mo####inbottom.net':80
- 'po####lebottom.net':80
- 'pe####sbeing.net':80
- 'wi####forever.net':80
- 'pe####sbottom.net':80
- 'wi###wbeing.net':80
- 'pe####sforever.net':80
- 'le###being.net':80
- 'pr####lybottom.net':80
- 'se####lbeyond.net':80
- 'pr####lyforever.net':80
- 'sw###bottom.net':80
- 'ma####albeyond.net':80
- 'se####lforever.net':80
- 'ma####alforever.net':80
- 'se####lbeing.net':80
- 'ma####albeing.net':80
- 'fi####bottom.net':80
- 'le###bottom.net':80
- 'fi####forever.net':80
- 'le####orever.net':80
- 'sw###beyond.net':80
- 'pr####lybeing.net':80
- 'sw####orever.net':80
- 'pr####lybeyond.net':80
- 'sw###being.net':80
- http://mo####flower.net/index.php
- http://si####minute.net/index.php
- http://la###corner.net/index.php
- http://si####flower.net/index.php
- http://mo####minute.net/index.php
- http://si####corner.net/index.php
- http://mo####corner.net/index.php
- http://si####special.net/index.php
- http://mo####special.net/index.php
- http://se####flower.net/index.php
- http://la###flower.net/index.php
- http://se####lbottom.net/index.php
- http://ma####albottom.net/index.php
- http://se####minute.net/index.php
- http://la####pecial.net/index.php
- http://se####corner.net/index.php
- http://la###minute.net/index.php
- http://se####special.net/index.php
- http://mo####inflower.net/index.php
- http://pe####sspecial.net/index.php
- http://wi####special.net/index.php
- http://pe####sminute.net/index.php
- http://wi####minute.net/index.php
- http://pe####scorner.net/index.php
- http://su####tminute.net/index.php
- http://su####tspecial.net/index.php
- http://wi####corner.net/index.php
- http://su####tflower.net/index.php
- http://po####leminute.net/index.php
- http://mo####inspecial.net/index.php
- http://po####leflower.net/index.php
- http://mo####inminute.net/index.php
- http://po####lespecial.net/index.php
- http://pe####sflower.net/index.php
- http://wi####flower.net/index.php
- http://mo####incorner.net/index.php
- http://po####lecorner.net/index.php
- http://wi###rbeing.net/index.php
- http://su####tbeing.net/index.php
- http://wi####bottom.net/index.php
- http://su####tbeyond.net/index.php
- http://su####tforever.net/index.php
- http://le###beyond.net/index.php
- http://fi###hbeing.net/index.php
- http://su####tbottom.net/index.php
- http://fi####beyond.net/index.php
- http://pe####sbeyond.net/index.php
- http://wi####beyond.net/index.php
- http://mo####inbottom.net/index.php
- http://po####lebottom.net/index.php
- http://pe####sbeing.net/index.php
- http://wi####forever.net/index.php
- http://pe####sbottom.net/index.php
- http://wi###wbeing.net/index.php
- http://pe####sforever.net/index.php
- http://le###being.net/index.php
- http://pr####lybottom.net/index.php
- http://se####lbeyond.net/index.php
- http://pr####lyforever.net/index.php
- http://sw###bottom.net/index.php
- http://ma####albeyond.net/index.php
- http://se####lforever.net/index.php
- http://ma####alforever.net/index.php
- http://se####lbeing.net/index.php
- http://ma####albeing.net/index.php
- http://fi####bottom.net/index.php
- http://le###bottom.net/index.php
- http://fi####forever.net/index.php
- http://le####orever.net/index.php
- http://sw###beyond.net/index.php
- http://pr####lybeing.net/index.php
- http://sw####orever.net/index.php
- http://pr####lybeyond.net/index.php
- http://sw###being.net/index.php
- DNS ASK si####minute.net
- DNS ASK mo####minute.net
- DNS ASK si####flower.net
- DNS ASK mo####flower.net
- DNS ASK si####special.net
- DNS ASK mo####corner.net
- DNS ASK mo####inflower.net
- DNS ASK mo####special.net
- DNS ASK si####corner.net
- DNS ASK la###flower.net
- DNS ASK se####minute.net
- DNS ASK ma####albottom.net
- DNS ASK se####flower.net
- DNS ASK la###minute.net
- DNS ASK se####corner.net
- DNS ASK la###corner.net
- DNS ASK se####special.net
- DNS ASK la####pecial.net
- DNS ASK po####leflower.net
- DNS ASK wi####special.net
- DNS ASK pe####scorner.net
- DNS ASK wi####minute.net
- DNS ASK pe####sspecial.net
- DNS ASK wi####corner.net
- DNS ASK su####tspecial.net
- DNS ASK su####tcorner.net (DNS query only; no matching port-80 connection or HTTP request for this name is listed above)
- DNS ASK su####tflower.net
- DNS ASK su####tminute.net
- DNS ASK mo####inspecial.net
- DNS ASK po####lespecial.net
- DNS ASK mo####inminute.net
- DNS ASK po####leminute.net
- DNS ASK mo####incorner.net
- DNS ASK wi####flower.net
- DNS ASK pe####sminute.net
- DNS ASK po####lecorner.net
- DNS ASK pe####sflower.net
- DNS ASK se####lbottom.net
- DNS ASK wi###rbeing.net
- DNS ASK su####tbeing.net
- DNS ASK wi####bottom.net
- DNS ASK su####tbeyond.net
- DNS ASK su####tforever.net
- DNS ASK le###beyond.net
- DNS ASK fi###hbeing.net
- DNS ASK su####tbottom.net
- DNS ASK fi####beyond.net
- DNS ASK pe####sbeyond.net
- DNS ASK wi####beyond.net
- DNS ASK mo####inbottom.net
- DNS ASK po####lebottom.net
- DNS ASK pe####sbeing.net
- DNS ASK wi####forever.net
- DNS ASK pe####sbottom.net
- DNS ASK wi###wbeing.net
- DNS ASK pe####sforever.net
- DNS ASK le###being.net
- DNS ASK pr####lybottom.net
- DNS ASK se####lbeyond.net
- DNS ASK pr####lyforever.net
- DNS ASK sw###bottom.net
- DNS ASK ma####albeyond.net
- DNS ASK se####lforever.net
- DNS ASK ma####alforever.net
- DNS ASK se####lbeing.net
- DNS ASK ma####albeing.net
- DNS ASK fi####bottom.net
- DNS ASK le###bottom.net
- DNS ASK fi####forever.net
- DNS ASK le####orever.net
- DNS ASK sw###beyond.net
- DNS ASK pr####lybeing.net
- DNS ASK sw####orever.net
- DNS ASK pr####lybeyond.net
- DNS ASK sw###being.net
- ClassName: 'Shell_TrayWnd' WindowName: '' (Shell_TrayWnd is the window class of the Windows taskbar)