Technical Information
To ensure autorun and distribution:
Modifies the following registry keys:
- [<HKCU>\Software\Microsoft\Windows\CurrentVersion\Run] 'talpagxitizy' = '%HOMEPATH%\talpagxitizy.exe'
Modifies file system :
Creates the following files:
- %APPDATA%\Roaming\Microsoft\Crypto\RSA\S-1-5-21-3525224950-2885160813-905547259-1000\7ee83745df35bad5ccfc8cd8875de253_fdaad129-04df-4089-bb80-174ce725f721
- %HOMEPATH%\talpagxitizy.exe
Network activity:
Connects to:
- 're###echre.com':80
- 'd-##b.net':80
- 'bu####ss-edge.com':80
- 'sm##.live.com':25
- '67.##5.160.76':25
- 'ea##gen.com':80
TCP:
HTTP POST requests:
- d-##b.net/
- ea##gen.com/
UDP:
- DNS ASK mo#####-vacaciones.com
- DNS ASK go####rk-moossee.ch
- DNS ASK ge###ermusa.com
- DNS ASK ru###eberg.com
- DNS ASK fi###ara.com
- DNS ASK nu###ech.com
- DNS ASK ta##on.com
- DNS ASK re##soft.ru
- DNS ASK fr#####high.school.nz
- DNS ASK is##h.com
- DNS ASK ch###scope.com
- DNS ASK ik##s.fr
- DNS ASK th###rgery.com
- DNS ASK go####luecenter.com
- DNS ASK do##sf.com
- DNS ASK to####sondesign.com
- DNS ASK su###france.com
- DNS ASK ho###hd.com.br
- DNS ASK ro####how.com.au
- DNS ASK do####ntasies.com
- DNS ASK di##d.com
- DNS ASK to###nmeuse.com
- DNS ASK to##x.ro
- DNS ASK ch####supplies.net
- DNS ASK pa##tow.com
- DNS ASK to#####rthcare.com.au
- DNS ASK ph###type.com
- DNS ASK be#####rebusiness.org
- DNS ASK pe#c.ca
- DNS ASK ey###oup.com
- DNS ASK ry###chi-jp.com
- DNS ASK bo####ydesign.com
- DNS ASK sh###yspizza.ph
- DNS ASK sa####connection.ca
- DNS ASK un###.edu.bo
- DNS ASK ba######ramsevatrust.org
- DNS ASK pb##.com
- DNS ASK bu####llmedia.com
- DNS ASK ka###hal.com
- DNS ASK no###uroya.com
- DNS ASK ms##ys.com
- DNS ASK fu###o-lab.com
- DNS ASK ch####clothes.com
- DNS ASK cs##c.org
- DNS ASK sm##.#ompuserve.com
- DNS ASK ge###r.gen.tr
- DNS ASK sd#p.ie
- DNS ASK ws#####rontheweb.com
- DNS ASK ap###farm.org
- DNS ASK st#####ldlifeart.com
- DNS ASK he###mare.nl
- DNS ASK th###tospas.com
- DNS ASK ra######ckwarehouse.com.au
- DNS ASK sz###tufi.com
- DNS ASK e-###ami.com
- DNS ASK ss#####ginggroup.com
- DNS ASK wi#####emarketing.com
- DNS ASK te##ole.com
- DNS ASK th#####ldsongroup.com
- DNS ASK gu###man.com.br
- DNS ASK et###les.com
- DNS ASK bo#r.cz
- DNS ASK ur##asu.net
- DNS ASK co##th.com
- DNS ASK ma###egor.co.kr
- DNS ASK co###ne.or.id
- DNS ASK th######inghouseltd.co.uk
- DNS ASK ac###nvestor.ca
- DNS ASK kv###atoff.ru
- DNS ASK as###isk.com.sg
- DNS ASK al####ousehotel.com
- DNS ASK gj#.com.pl
- DNS ASK is####arnataka.org
- DNS ASK hp####rvices.com
- DNS ASK na###ngcw.com
- DNS ASK ar#####turadigital.com
- DNS ASK op###er.com.au
- DNS ASK ur####aproject.com
- DNS ASK ma####grimes.co.uk
- DNS ASK me#####-jacquelin.com
- DNS ASK vi####agamba.com
- DNS ASK za###xzan.kz
- DNS ASK ku###ilixm.kz
- DNS ASK ci###zlix.kz
- DNS ASK xi###womuzz.kz
- DNS ASK vu###lzibe.kz
- DNS ASK vi###kepi.kz
- DNS ASK ka###aljogmo.kz
- DNS ASK li###sufbazu.kz
- DNS ASK yo###omla.com
- DNS ASK co#.#ku.edu.cn
- DNS ASK ma####grp-spb.ru
- DNS ASK no##-k.com
- DNS ASK ja###alez.kz
- DNS ASK lo###dimcix.kz
- DNS ASK tu####-saitama.com
- DNS ASK na###sklep.pl
- DNS ASK sa##s.net
- DNS ASK aj##.net
- DNS ASK le###ridica.com
- DNS ASK ad####ivechat.us
- DNS ASK os####-school.com
- DNS ASK so#####rganizing.com
- DNS ASK mo###ophoto.com
- DNS ASK ca####eonline.com
- DNS ASK sh###zil.com
- DNS ASK ma####ntralaya.com
- DNS ASK va###ardpkg.com
- DNS ASK av##ay.com
- DNS ASK fr#####ckallergy.com
- DNS ASK je###atz.com
- DNS ASK ma###chn.com
- DNS ASK au##ma.it
- DNS ASK ca###choice.org
- DNS ASK to###ipe.com
- DNS ASK ag##rno.ru
- DNS ASK sc##edel.it
- DNS ASK sa##y.com
- DNS ASK st###tives.org
- DNS ASK sc####inpeach.com
- DNS ASK s2#.fr
- DNS ASK sh#####teexpress.com
- DNS ASK ju####nnect.co.za
- DNS ASK pl#s.ba
- DNS ASK fa###nonline.de
- DNS ASK au####ce-web.net
- DNS ASK gr###web.net
- DNS ASK wo#####dhillwinery.com
- DNS ASK di##ro.se
- DNS ASK ch####atecovers.com
- DNS ASK sg###nting.ca
- DNS ASK tr###alau.com
- DNS ASK br####nternet.nl
- DNS ASK mi####io-teatras.lt
- DNS ASK sl##go.org
- DNS ASK x-#####ommunications.de
- DNS ASK ch####-select.com
- DNS ASK my####center.com
- DNS ASK de##ille.ca
- DNS ASK sz##tka.com
- DNS ASK bu##ad.com
- DNS ASK tv##ra.net
- DNS ASK ko###hi-hp.com
- DNS ASK ne#####xininstitute.com
- DNS ASK st###edia.ca
- DNS ASK th####ofhair.com
- DNS ASK up###on89.com
- DNS ASK es####-hotelier.com
- DNS ASK ma###-man.com
- DNS ASK ck###obal.net
- DNS ASK ph###clubs.com
- DNS ASK hi##ken.com
- DNS ASK ch###eative.com
- DNS ASK so####oncorp.com
- DNS ASK re####eretreat.com
- DNS ASK ce####kalip.com.tr
- DNS ASK bi##imex.pl
- DNS ASK fr###spot.co.za
- DNS ASK sa###david.com
- DNS ASK ea####rmations.net
- DNS ASK ib##.com.br
- DNS ASK ti###urkey.com
- DNS ASK vb##z.com
- DNS ASK av###-ime.com
- DNS ASK ac#####ificrepairs.com
- DNS ASK ac##l.lt
- DNS ASK ze###et.co.jp
- DNS ASK na####ictures.com
- DNS ASK d4###edia.com
- DNS ASK sm##.#ail.yahoo.com
- DNS ASK ea##gen.com
- DNS ASK sm##.live.com
- DNS ASK dn#.##ftncsi.com
- DNS ASK bu####ss-edge.com
- DNS ASK eo##.net
- DNS ASK re###echre.com
- DNS ASK d-##b.net
- DNS ASK www.tr###rush.com
- DNS ASK im###.com.pl
- DNS ASK ai##.co.nz
- DNS ASK kr###haus.com
- DNS ASK hi###nwiese.de
- DNS ASK gr###train.coop
- DNS ASK vi##lur.by
- DNS ASK ez##di.com
- DNS ASK pc##ds.com
- DNS ASK au####ansurfing.at
- DNS ASK ni###.com.cn
- DNS ASK ia###obal.or.id
- DNS ASK te####g-video.com
- DNS ASK ge####isions.com
- DNS ASK mi###stga.com
- DNS ASK li####ist-uk.com
- DNS ASK e-###rming.com
- DNS ASK br###ndia.com
- DNS ASK gi###imo.com
- DNS ASK au####direkt.net
- DNS ASK sk###r.com.pl
- DNS ASK wl#.##uisiana.gov
- DNS ASK ag#####des-druides.com
- DNS ASK om##p.co.jp
- DNS ASK dj###taro.com
- DNS ASK ta##i.com
- DNS ASK de####scueusa.com
- DNS ASK ma####.us2.mcsv.net
- DNS ASK cb####nting.com.au
- DNS ASK sm##.#irectcon.net
- DNS ASK em###dalia.com
- DNS ASK ca#####citytuxedo.com
- DNS ASK ga######onlinemagazine.com
- DNS ASK te###ra.co.jp
- DNS ASK me###ies.org
- DNS ASK e-###ukyaku.com
- DNS ASK te###avis.com
- DNS ASK bi#####sbeefjerky.com
- DNS ASK lo###tic.com
- DNS ASK na####ecurtiss.com
- DNS ASK ic###ain.com
- DNS ASK ar####esajandek.hu
- DNS ASK or####networks.net
- DNS ASK co####permarkt.nl
- DNS ASK ct###rocess.org
- DNS ASK fr#####entauction.com
- DNS ASK ma##.#irmail.net
- DNS ASK ma#####siecologia.com
- DNS ASK ix###ctor.com
- DNS ASK tr####y-works.com
- DNS ASK el###rno.com
- DNS ASK mi###ech.net
- DNS ASK ar##for.com
- DNS ASK bi#####ultimedia.com
- DNS ASK br####arm.com.au
- DNS ASK re####efield.co.uk
- DNS ASK zi####rbatului.ro
- DNS ASK ac###ctory.net
- DNS ASK ac###a.com.br
- DNS ASK c2##du.com
- DNS ASK re###dhits.com
- DNS ASK ka##it.com
- DNS ASK ka####okuren.com
- DNS ASK is#####ltarim.com.tr
- DNS ASK nd####nementiel.com
- DNS ASK lo###rlookz.com
- DNS ASK le####shipforum.us
- DNS ASK au#####ica-travel.com
- DNS ASK db####onents.com
- DNS ASK be#####odmetalworks.com
- DNS ASK be#####aelcenter.org
- DNS ASK an###ervice.com
- DNS ASK sh###ales.co.uk
- DNS ASK ni####ictionary.com
- DNS ASK sm##.###global.yahoo.com
- DNS ASK xi###group.com
- DNS ASK ac#####oambiente.com
- DNS ASK ro#####cintyre.com.au
- DNS ASK na###gurus.com
- DNS ASK ch####ybarry.com
- DNS ASK se###co-ind.com
Miscellaneous:
Searches for the following windows:
- ClassName: 'Shell_TrayWnd' WindowName: '(null)'
- ClassName: 'Indicator' WindowName: '(null)'
