Technical Information
- [<HKCU>\Software\Microsoft\Windows\CurrentVersion\Run] 'Visual C++ Redistributable 2010' = '%APPDATA%\vc_redist(x86).exe'
- %HOMEPATH%\Local Settings\Temporary Internet Files\Content.IE5\2VAZY7AN\index[4].php
- %HOMEPATH%\Local Settings\Temporary Internet Files\Content.IE5\YPORKZYZ\index[4].php
- %HOMEPATH%\Local Settings\Temporary Internet Files\Content.IE5\U98D4X8H\index[4].php
- %HOMEPATH%\Local Settings\Temporary Internet Files\Content.IE5\YPORKZYZ\index[3].php
- %HOMEPATH%\Local Settings\Temporary Internet Files\Content.IE5\KHMHGZ4F\index[4].php
- %HOMEPATH%\Local Settings\Temporary Internet Files\Content.IE5\KHMHGZ4F\index[5].php
- %HOMEPATH%\Local Settings\Temporary Internet Files\Content.IE5\KHMHGZ4F\index[6].php
- %HOMEPATH%\Local Settings\Temporary Internet Files\Content.IE5\U98D4X8H\index[6].php
- %HOMEPATH%\Local Settings\Temporary Internet Files\Content.IE5\YPORKZYZ\index[5].php
- %HOMEPATH%\Local Settings\Temporary Internet Files\Content.IE5\U98D4X8H\index[5].php
- %HOMEPATH%\Local Settings\Temporary Internet Files\Content.IE5\2VAZY7AN\index[5].php
- %HOMEPATH%\Local Settings\Temporary Internet Files\Content.IE5\YPORKZYZ\index[1].php
- %HOMEPATH%\Local Settings\Temporary Internet Files\Content.IE5\KHMHGZ4F\index[2].php
- %HOMEPATH%\Local Settings\Temporary Internet Files\Content.IE5\2VAZY7AN\index[1].php
- %HOMEPATH%\Local Settings\Temporary Internet Files\Content.IE5\KHMHGZ4F\index[1].php
- %HOMEPATH%\Local Settings\Temporary Internet Files\Content.IE5\U98D4X8H\index[1].php
- %HOMEPATH%\Local Settings\Temporary Internet Files\Content.IE5\U98D4X8H\index[2].php
- %HOMEPATH%\Local Settings\Temporary Internet Files\Content.IE5\U98D4X8H\index[3].php
- %HOMEPATH%\Local Settings\Temporary Internet Files\Content.IE5\2VAZY7AN\index[3].php
- %HOMEPATH%\Local Settings\Temporary Internet Files\Content.IE5\KHMHGZ4F\index[3].php
- %HOMEPATH%\Local Settings\Temporary Internet Files\Content.IE5\2VAZY7AN\index[2].php
- %HOMEPATH%\Local Settings\Temporary Internet Files\Content.IE5\YPORKZYZ\index[2].php
- %HOMEPATH%\Local Settings\Temporary Internet Files\Content.IE5\YPORKZYZ\index[4].php
- %HOMEPATH%\Local Settings\Temporary Internet Files\Content.IE5\KHMHGZ4F\index[5].php
- %HOMEPATH%\Local Settings\Temporary Internet Files\Content.IE5\2VAZY7AN\index[4].php
- %HOMEPATH%\Local Settings\Temporary Internet Files\Content.IE5\KHMHGZ4F\index[4].php
- %HOMEPATH%\Local Settings\Temporary Internet Files\Content.IE5\U98D4X8H\index[4].php
- %HOMEPATH%\Local Settings\Temporary Internet Files\Content.IE5\KHMHGZ4F\index[6].php
- %HOMEPATH%\Local Settings\Temporary Internet Files\Content.IE5\U98D4X8H\index[6].php
- %HOMEPATH%\Local Settings\Temporary Internet Files\Content.IE5\YPORKZYZ\index[5].php
- %HOMEPATH%\Local Settings\Temporary Internet Files\Content.IE5\U98D4X8H\index[5].php
- %HOMEPATH%\Local Settings\Temporary Internet Files\Content.IE5\2VAZY7AN\index[5].php
- %HOMEPATH%\Local Settings\Temporary Internet Files\Content.IE5\YPORKZYZ\index[3].php
- %HOMEPATH%\Local Settings\Temporary Internet Files\Content.IE5\KHMHGZ4F\index[2].php
- %HOMEPATH%\Local Settings\Temporary Internet Files\Content.IE5\U98D4X8H\index[2].php
- %HOMEPATH%\Local Settings\Temporary Internet Files\Content.IE5\YPORKZYZ\index[1].php
- %HOMEPATH%\Local Settings\Temporary Internet Files\Content.IE5\U98D4X8H\index[1].php
- %HOMEPATH%\Local Settings\Temporary Internet Files\Content.IE5\2VAZY7AN\index[1].php
- %HOMEPATH%\Local Settings\Temporary Internet Files\Content.IE5\U98D4X8H\index[3].php
- %HOMEPATH%\Local Settings\Temporary Internet Files\Content.IE5\2VAZY7AN\index[3].php
- %HOMEPATH%\Local Settings\Temporary Internet Files\Content.IE5\KHMHGZ4F\index[3].php
- %HOMEPATH%\Local Settings\Temporary Internet Files\Content.IE5\2VAZY7AN\index[2].php
- %HOMEPATH%\Local Settings\Temporary Internet Files\Content.IE5\YPORKZYZ\index[2].php
- from <Full path to virus> to %APPDATA%\vc_redist(x86).exe
- 'ki###koa.com':80
- 'jg###1okla.com':80
- 'sh#####w-sorrow01.com':80
- 'ju###1okla.com':80
- 'ki####751sss.com':80
- 'jg###vvkla.com':80
- 'ki###125ss.com':80
- 'k2###huya.com':80
- 'km###2ss.com':80
- 'sh###2ow01.com':80
- 'k2###koa.com':80
- 'ne###gent34.com':80
- 'ku###091-23.com':80
- 'my###-drv.com':80
- 'ex##rv2.com':80
- 're##eme.ru':80
- 'fr###slik0.com':80
- 'sh####-sorrow01.com':80
- 'ki###999s.com':80
- 'ga####-gamble.com':80
- 'de##rv3.com':80
- ki###koa.com/index.php?i=#########################################
- jg###1okla.com/index.php?i=#########################################
- sh#####w-sorrow01.com/index.php?i=#########################################
- ju###1okla.com/index.php?i=#########################################
- ki####751sss.com/index.php?i=#########################################
- jg###vvkla.com/index.php?i=#########################################
- ki###125ss.com/index.php?i=#########################################
- k2###huya.com/index.php?i=#########################################
- km###2ss.com/index.php?i=#########################################
- sh###2ow01.com/index.php?i=#########################################
- k2###koa.com/index.php?i=#########################################
- ne###gent34.com/index.php?i=#########################################
- ku###091-23.com/index.php?i=#########################################
- my###-drv.com/index.php?i=#########################################
- ex##rv2.com/index.php?c=######
- re##eme.ru/index.php?i=#########################################
- fr###slik0.com/index.php?i=#########################################
- sh####-sorrow01.com/index.php?i=#########################################
- ki###999s.com/index.php?i=#########################################
- ga####-gamble.com/index.php?i=#########################################
- de##rv3.com/index.php?i=#########################################
- DNS ASK ki###koa.com
- DNS ASK jg###1okla.com
- DNS ASK sh#####w-sorrow01.com
- DNS ASK ju###1okla.com
- DNS ASK ki####751sss.com
- DNS ASK jg###vvkla.com
- DNS ASK ki###125ss.com
- DNS ASK k2###huya.com
- DNS ASK km###2ss.com
- DNS ASK sh###2ow01.com
- DNS ASK k2###koa.com
- DNS ASK ne###gent34.com
- DNS ASK ku###091-23.com
- DNS ASK my###-drv.com
- DNS ASK ex##rv2.com
- DNS ASK re##eme.ru
- DNS ASK fr###slik0.com
- DNS ASK sh####-sorrow01.com
- DNS ASK ki###999s.com
- DNS ASK ga####-gamble.com
- DNS ASK de##rv3.com
- ClassName: 'MS_WebcheckMonitor' WindowName: '(null)'
- ClassName: 'MS_AutodialMonitor' WindowName: '(null)'
- ClassName: 'Indicator' WindowName: '(null)'