Technical Information (sandbox behaviour report: registry changes, dropped and deleted files, launched processes, network indicators and enumerated window names; host names below are deliberately masked with `#`, so treat them as partial indicators rather than exact-match IOCs)
- [<HKLM>\SYSTEM\ControlSet001\Control\Print\Providers\3444169920] 'Name' = '%TEMP%\5.tmp' (registers a print provider whose DLL path points into %TEMP%; print providers are loaded by the print spooler, which is consistent with spoolsv.exe appearing among the launched processes below — verify whether the provider entry and 5.tmp survive a reboot when cleaning up)
- [<HKCU>\Software\Microsoft\Windows\CurrentVersion\Run] 'Inoyikotadoqev' = 'rundll32.exe "%WINDIR%\kbdetus.dll",Startup' (per-user autostart persistence via rundll32; the value name looks randomly generated, so hunt on the rundll32 + %WINDIR%\*.dll,Startup pattern rather than on this exact name)
- '%TEMP%\esqto.exe'
- '%TEMP%\utncnw.exe'
- '%TEMP%\ccro.exe'
- '%TEMP%\-1998166001'
- '%TEMP%\fpasu.exe'
- '%TEMP%\rbuvxx.exe'
- '%TEMP%\jwpw.exe'
- '%TEMP%\rrqc.exe'
- '%TEMP%\ghvgqgel.exe'
- '%TEMP%\wysydg.exe'
- '%TEMP%\nsp3.tmp\2IC.exe'
- '%TEMP%\cweec.exe'
- '%TEMP%\navqb.exe'
- '%TEMP%\nsp3.tmp\6tbp.exe'
- '%TEMP%\nsp3.tmp\3E4U - Bucks.exe'
- '%TEMP%\nsp3.tmp\ic2.exe'
- '%TEMP%\nsp3.tmp\1EuroP.exe'
- '%TEMP%\jwpw.exe' (downloaded from the Internet)
- '%TEMP%\rbuvxx.exe' (downloaded from the Internet)
- '%TEMP%\ghvgqgel.exe' (downloaded from the Internet)
- '%TEMP%\rrqc.exe' (downloaded from the Internet)
- '%TEMP%\ccro.exe' (downloaded from the Internet)
- '%TEMP%\navqb.exe' (downloaded from the Internet)
- '%TEMP%\cweec.exe' (downloaded from the Internet)
- '%TEMP%\wysydg.exe' (downloaded from the Internet)
- '%TEMP%\utncnw.exe' (downloaded from the Internet)
- '%TEMP%\fpasu.exe' (downloaded from the Internet)
- '%TEMP%\-1998166001' (downloaded from the Internet)
- '%TEMP%\esqto.exe' (downloaded from the Internet)
- '<SYSTEM32>\rundll32.exe' "%WINDIR%\kbdetus.dll",iep
- '<SYSTEM32>\svchost.exe'
- '<SYSTEM32>\rundll32.exe' "%WINDIR%\kbdetus.dll",Startup
- <SYSTEM32>\svchost.exe
- %WINDIR%\Explorer.EXE
- <SYSTEM32>\spoolsv.exe
- [<HKCU>\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3] '1400' = '00000000'
- [<HKCU>\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3] '1601' = '00000000'
- [<HKCU>\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3] 'currentlevel' = '00000000'
  (Zone 3 is the Internet Explorer "Internet" zone; 1400 is Active scripting and 1601 is submitting non-encrypted form data, and a value of 0 means Enabled, so these writes lower the Internet-zone security level for the current user — reset the zone to its defaults during remediation)
- %TEMP%\fpasu.exe
- %HOMEPATH%\Local Settings\Temporary Internet Files\Content.IE5\YPORKZYZ\scctgxkbb[1].php
- %TEMP%\rrqc.exe
- %HOMEPATH%\Local Settings\Temporary Internet Files\Content.IE5\KHMHGZ4F\sbsfwao[1].php
- %TEMP%\utncnw.exe
- %HOMEPATH%\Local Settings\Temporary Internet Files\Content.IE5\U98D4X8H\uhhymdqu[1].php
- %TEMP%\-1998166001
- %HOMEPATH%\Local Settings\Temporary Internet Files\Content.IE5\2VAZY7AN\bosgwxbeff[1].php
- %TEMP%\esqto.exe
- %HOMEPATH%\Local Settings\Temporary Internet Files\Content.IE5\U98D4X8H\wjwwnae[1].php
- %HOMEPATH%\Local Settings\Temporary Internet Files\Content.IE5\U98D4X8H\CA8H6RKL.php
- %HOMEPATH%\Local Settings\Temporary Internet Files\Content.IE5\KHMHGZ4F\kxyyp[1].php
- %TEMP%\Aqz..bat
- %WINDIR%\ulugijob.dll
- %TEMP%\jwpw.exe
- %HOMEPATH%\Local Settings\Temporary Internet Files\Content.IE5\2VAZY7AN\lyyyzdduh[1].php
- %TEMP%\ghvgqgel.exe
- %HOMEPATH%\Local Settings\Temporary Internet Files\Content.IE5\YPORKZYZ\hhlycptx[1].php
- %TEMP%\rbuvxx.exe
- %WINDIR%\kbdetus.dll
- %TEMP%\nsp3.tmp\6tbp.exe
- %TEMP%\4.tmp
- %TEMP%\nsp3.tmp\3E4U - Bucks.exe
- %TEMP%\nsp3.tmp\ic2.exe
- %TEMP%\nst2.tmp
- %TEMP%\nsp3.tmp\2IC.exe
- %TEMP%\nsp3.tmp\1EuroP.exe
- %WINDIR%\Temp\6.tmp
- %HOMEPATH%\Local Settings\Temporary Internet Files\Content.IE5\YPORKZYZ\lmzdd[1].php
- %TEMP%\wysydg.exe
- %HOMEPATH%\Local Settings\Temporary Internet Files\Content.IE5\KHMHGZ4F\vvvjzar[1].php
- %TEMP%\ccro.exe
- %HOMEPATH%\Local Settings\Temporary Internet Files\Content.IE5\2VAZY7AN\vvvmmddhvl[1].php
- %TEMP%\navqb.exe
- %HOMEPATH%\Local Settings\Temporary Internet Files\Content.IE5\KHMHGZ4F\ivjwneei[1].php
- %TEMP%\cweec.exe
- %HOMEPATH%\Local Settings\Temporary Internet Files\Content.IE5\U98D4X8H\nnrfjmqeh[1].php
- <DRIVERS>\etc\hosts (the hosts file is touched but the report does not show what, if anything, was written — inspect it for added entries that redirect or block security-vendor and update domains)
- %TEMP%\5.tmp
- <SYSTEM32>\svchost.exe
- %WINDIR%\Temp\6.tmp
- %TEMP%\nsp3.tmp\2IC.exe
- %TEMP%\nsp3.tmp\1EuroP.exe
- %TEMP%\nsp3.tmp\ic2.exe
- %TEMP%\nsp3.tmp\3E4U - Bucks.exe
- from %TEMP%\4.tmp to %TEMP%\5.tmp
- 'mi##akin.in':80
- '23#####d1000.skata.net':80
- 'aa###lic.com':80
- 'localhost':1040 (loopback connection to a local listener on port 1040; on its own this is not a remote indicator, but check which of the launched processes owns that port)
- aa###lic.com/bdqqu/wjwwnae.php?ad####################################
- aa###lic.com/bdqqu/sbsfwao.php?ad####################################
- aa###lic.com/bdqqu/scctgxkbb.php?ad####################################
- aa###lic.com/bdqqu/kxyyp.php?ad##################################################################
- aa###lic.com/bdqqu/hhlycptx.php?ad####################################
- aa###lic.com/bdqqu/lyyyzdduh.php?ad####################################
- aa###lic.com/bdqqu/bosgwxbeff.php?ad####################################
- aa###lic.com/bdqqu/vvvmmddhvl.php?ad####################################
- aa###lic.com/bdqqu/nnrfjmqeh.php?ad####################################
- aa###lic.com/bdqqu/ivjwneei.php?ad####################################
- aa###lic.com/bdqqu/uhhymdqu.php?ad####################################
- aa###lic.com/bdqqu/vvvjzar.php?ad####################################
- aa###lic.com/bdqqu/lmzdd.php?ad####################################
- DNS ASK da##.net
- DNS ASK mi##akin.in
- DNS ASK 23#####d1000.skata.net
- DNS ASK ti##pic.com
- DNS ASK ma##h.com
- DNS ASK aa###lic.com
- ClassName: '(null)' WindowName: 'NMBdsjbdfjjhJHDhjdfhjksgd'
- ClassName: '(null)' WindowName: 'MNDsnbdbbvHGJDGHdgshfgdjksfd'
- ClassName: 'Indicator' WindowName: '(null)'
- ClassName: '(null)' WindowName: 'MNBDjndfbhGYJHDhygdfhgfds'
- ClassName: '(null)' WindowName: 'JHDhkdhjggJFHDfgshjfajhfdshj'
- ClassName: 'CSCHiddenWindow' WindowName: '(null)'
- ClassName: 'SystemTray_Main' WindowName: '(null)'
- ClassName: '(null)' WindowName: 'JNDSKJkjdjJHDhgfgdfghjsgfhjkdshj'
- ClassName: 'Shell_TrayWnd' WindowName: '(null)'