Technical Information
- <SYSTEM32>\svchost.exe
- %TEMP%\db.dat
- %TEMP%\db.dll
- %TEMP%\db.dat
- 'xv.##zgamen.com':80
- http://xv.##zgamen.com/911.html
- http://xv.##zgamen.com/logo.png
- DNS ASK xv.##zgamen.com
- DNS ASK g.###metog.com
- DNS ASK
- 'g.###metog.com':53
- '<SYSTEM32>\rundll32.exe' "%TEMP%\db.dll",open
- '<SYSTEM32>\svchost.exe' -k WspService