Technical Information
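Autostart entries: each Run value below registers %WINDIR%\tmnns.exe to start automatically. S-1-5-19 and S-1-5-20 are the well-known SIDs of the LocalService and NetworkService accounts, so the value is written to the service-account hives as well as to HKLM and HKCU.
- [\REGISTRY\USER\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Run] 'tmnns.exe' = '"%WINDIR%\tmnns.exe"'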
- [\REGISTRY\USER\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Run] 'tmnns.exe' = '"%WINDIR%\tmnns.exe"'
- [<HKLM>\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] 'tmnns.exe' = '"%WINDIR%\tmnns.exe"'
- [<HKCU>\Software\Microsoft\Windows\CurrentVersion\Run] 'tmnns.exe' = '"%WINDIR%\tmnns.exe"'
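Processes: cmd.exe is started to run a batch file from %TEMP% (the same tmpf40801ec.bat appears in the file list on this page). The alg.exe entry names the Application Layer Gateway Service binary; this page does not say how the sample uses it.
- '<SYSTEM32>\cmd.exe' /c "%TEMP%\tmpf40801ec.bat"
- <SYSTEM32>\alg.exe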
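Internet Explorer security-zone settings: action 1406 is "Access data sources across domains" and action 1609 is "Display mixed content"; a value of 0 sets the action to Enable. Zones 0-4 are My Computer, Local intranet, Trusted sites, Internet and Restricted sites. In the entries below, 1609 is set for zones 0-4 and 1406 for zones 1, 3 and 4, in each of the HKCU, S-1-5-19 and S-1-5-20 hives.
- [\REGISTRY\USER\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\4] '1609' = '00000000'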
- [\REGISTRY\USER\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\0] '1609' = '00000000'
- [\REGISTRY\USER\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\1] '1406' = '00000000'
- [\REGISTRY\USER\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3] '1406' = '00000000'
- [\REGISTRY\USER\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3] '1609' = '00000000'
- [\REGISTRY\USER\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\4] '1406' = '00000000'
- [\REGISTRY\USER\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3] '1609' = '00000000'
- [\REGISTRY\USER\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\4] '1406' = '00000000'
- [\REGISTRY\USER\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\4] '1609' = '00000000'
- [\REGISTRY\USER\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\1] '1609' = '00000000'
- [\REGISTRY\USER\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\2] '1609' = '00000000'
- [\REGISTRY\USER\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3] '1406' = '00000000'
- [<HKCU>\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\2] '1609' = '00000000'
- [<HKCU>\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3] '1406' = '00000000'
- [<HKCU>\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3] '1609' = '00000000'
- [<HKCU>\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\0] '1609' = '00000000'
- [<HKCU>\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\1] '1406' = '00000000'
- [<HKCU>\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\1] '1609' = '00000000'
- [\REGISTRY\USER\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\1] '1406' = '00000000'
- [\REGISTRY\USER\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\1] '1609' = '00000000'
- [\REGISTRY\USER\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\2] '1609' = '00000000'
- [<HKCU>\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\4] '1406' = '00000000'
- [<HKCU>\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\4] '1609' = '00000000'
- [\REGISTRY\USER\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\0] '1609' = '00000000'
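File-system artifacts: the entries specific to this sample are %WINDIR%\tmnns.exe, %TEMP%\tmpf40801ec.bat, %ALLUSERSPROFILE%\Application Data\F1135889A345D2.dat and the cp_cert[1].bin cache copies. The index.dat and desktop.ini entries are Internet Explorer cache, history and cookie bookkeeping files, and the eight-character Content.IE5 subfolder names are normally generated per machine, so they are unlikely to match on another host.
- %TEMP%\Temporary Internet Files\Content.IE5\desktop.ini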
- %TEMP%\Temporary Internet Files\Content.IE5\0JK3MNO7\desktop.ini
- %TEMP%\Temporary Internet Files\Content.IE5\B6JZ6PWO\desktop.ini
- C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\I1TCV5OP\cp_cert[1].bin
- %TEMP%\tmpf40801ec.bat
- %TEMP%\Temporary Internet Files\Content.IE5\index.dat
- %TEMP%\History\History.IE5\index.dat
- %TEMP%\History\History.IE5\desktop.ini
- %TEMP%\Temporary Internet Files\Content.IE5\0JK3MNO7\cp_cert[1].bin
- %TEMP%\Temporary Internet Files\Content.IE5\HRCCRN08\desktop.ini
- %TEMP%\Temporary Internet Files\Content.IE5\CDWX4NO7\desktop.ini
- %TEMP%\Cookies\index.dat
- C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\CJCTQ25G\cp_cert[1].bin
- <SYSTEM32>\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\6YQRA29M\cp_cert[1].bin
- C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\index.dat
- %ALLUSERSPROFILE%\Application Data\F1135889A345D2.dat
- %WINDIR%\tmnns.exe
- %HOMEPATH%\Local Settings\Temporary Internet Files\Content.IE5\KHMHGZ4F\cp_cert[1].bin
- C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\O7Q9ATCD\desktop.ini
- C:\Documents and Settings\NetworkService\Cookies\index.dat
- C:\Documents and Settings\NetworkService\Local Settings\History\History.IE5\index.dat
- C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\I1TCV5OP\desktop.ini
- C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\JCVNK6NO\desktop.ini
- C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\IAOB78GK\desktop.ini
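From this entry to the end of the file list, every path repeats one already listed above. The subheadings that distinguished these groups are not present on this page, so treat the repeats as the same artifacts rather than additional ones.
- %TEMP%\Temporary Internet Files\Content.IE5\B6JZ6PWO\desktop.ini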
- %TEMP%\Temporary Internet Files\Content.IE5\0JK3MNO7\desktop.ini
- %TEMP%\Temporary Internet Files\Content.IE5\HRCCRN08\desktop.ini
- %TEMP%\History\History.IE5\desktop.ini
- %TEMP%\Temporary Internet Files\Content.IE5\CDWX4NO7\desktop.ini
- C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\JCVNK6NO\desktop.ini
- C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\I1TCV5OP\desktop.ini
- C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\IAOB78GK\desktop.ini
- %TEMP%\Temporary Internet Files\Content.IE5\desktop.ini
- C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\O7Q9ATCD\desktop.ini
- C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\I1TCV5OP\cp_cert[1].bin
- %TEMP%\Temporary Internet Files\Content.IE5\0JK3MNO7\cp_cert[1].bin
- <SYSTEM32>\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\6YQRA29M\cp_cert[1].bin
- %ALLUSERSPROFILE%\Application Data\F1135889A345D2.dat
- C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\CJCTQ25G\cp_cert[1].bin
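Network activity: hosts contacted on TCP port 80. The same hosts recur further down as HTTP requests and as DNS queries (the "DNS ASK" lines). The '#' characters appear in the page as published, so the names are partially masked (presumably by the publisher) and cannot be used verbatim for blocking or log searches. The .net names are hexadecimal strings of uniform shape, which suggests they are generated algorithmically.
- '17#####0d82b5ec9.net':80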
- '01#####1d13789b3.net':80
- '73#####c0e471967.net':80
- 'e6#####3588ba1eb.net':80
- '48#####f94637588.net':80
- '40#####818f74cbc.net':80
- '63#####7d52d0883.net':80
- 'ba#####bb4d1fdc8.net':80
- '20#####6fe5c3823.net':80
- '02#####8538057a9.net':80
- '02#####597c6e71f.net':80
- 'gg###fkdlll.ru':80
- '91#####772bf23e6.net':80
- '9c#####3fba848a3.net':80
- 'c8#####0130b08ab.net':80
- '7f#####356889607.net':80
- '54#####273588fbf.net':80
- 'fe#####a5ee88856.net':80
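HTTP requests: every request is for the same path, /forum/cp_cert.bin, which corresponds to the cp_cert[1].bin cache files in the file list. Because the host names are masked, the request path is the only complete network indicator on this page.
- http://17#####0D82B5EC9.net/forum/cp_cert.bin via 17#####0d82b5ec9.net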
- http://01#####1D13789B3.net/forum/cp_cert.bin via 01#####1d13789b3.net
- http://73#####C0E471967.net/forum/cp_cert.bin via 73#####c0e471967.net
- http://E6#####3588BA1EB.net/forum/cp_cert.bin via e6#####3588ba1eb.net
- http://48#####F94637588.net/forum/cp_cert.bin via 48#####f94637588.net
- http://40#####818F74CBC.net/forum/cp_cert.bin via 40#####818f74cbc.net
- http://63#####7D52D0883.net/forum/cp_cert.bin via 63#####7d52d0883.net
- http://BA#####BB4D1FDC8.net/forum/cp_cert.bin via ba#####bb4d1fdc8.net
- http://20#####6FE5C3823.net/forum/cp_cert.bin via 20#####6fe5c3823.net
- http://02#####8538057A9.net/forum/cp_cert.bin via 02#####8538057a9.net
- http://02#####597C6E71F.net/forum/cp_cert.bin via 02#####597c6e71f.net
- http://gg###fkdlll.ru/forum/cp_cert.bin
- http://91#####772BF23E6.net/forum/cp_cert.bin via 91#####772bf23e6.net
- http://9C#####3FBA848A3.net/forum/cp_cert.bin via 9c#####3fba848a3.net
- http://C8#####0130B08AB.net/forum/cp_cert.bin via c8#####0130b08ab.net
- http://7F#####356889607.net/forum/cp_cert.bin via 7f#####356889607.net
- http://54#####273588FBF.net/forum/cp_cert.bin via 54#####273588fbf.net
- http://FE#####A5EE88856.net/forum/cp_cert.bin via fe#####a5ee88856.net
- DNS ASK 17#####0d82b5ec9.net
- DNS ASK 01#####1d13789b3.net
- DNS ASK 73#####c0e471967.net
- DNS ASK e6#####3588ba1eb.net
- DNS ASK 48#####f94637588.net
- DNS ASK 40#####818f74cbc.net
- DNS ASK 63#####7d52d0883.net
- DNS ASK ba#####bb4d1fdc8.net
- DNS ASK 20#####6fe5c3823.net
- DNS ASK 02#####8538057a9.net
- DNS ASK 02#####597c6e71f.net
- DNS ASK gg###fkdlll.ru
- DNS ASK 91#####772bf23e6.net
- DNS ASK 9c#####3fba848a3.net
- DNS ASK c8#####0130b08ab.net
- DNS ASK 7f#####356889607.net
- DNS ASK 54#####273588fbf.net
- DNS ASK fe#####a5ee88856.net