Technical Information
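Registry autorun entries (per-user Run key; the 'client' value is launched each time that user logs on):
- [<HKCU>\Software\Microsoft\Windows\CurrentVersion\Run] 'client' = '%APPDATA%\<Virus name>.exe'
- [<HKCU>\Software\Microsoft\Windows\CurrentVersion\Run] 'client' = '<Full path to virus>'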
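Executables and command lines (DW20.EXE is the Microsoft application error reporting tool; the .dmp files and dw.log listed further down are consistent with its crash reports):
- '%CommonProgramFiles%\Microsoft Shared\DW\DW20.EXE' -x -s 368
- '%CommonProgramFiles%\Microsoft Shared\DW\DW20.EXE' -x -s 372
- '%APPDATA%\<Virus name>.exe'
- '%WINDIR%\Microsoft.NET\Framework\v4.0.30319\vbc.exe'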
- %WINDIR%\Microsoft.NET\Framework\v4.0.30319\vbc.exe
- %TEMP%\3855E.dmp
- %TEMP%\aut17.tmp
- %TEMP%\37948.dmp
- %TEMP%\aut16.tmp
- %TEMP%\aut18.tmp
- %TEMP%\3A104.dmp
- %TEMP%\39B66.dmp
- %TEMP%\3A327.dmp
- %TEMP%\aut12.tmp
- %TEMP%\3474B.dmp
- %TEMP%\330E5.dmp
- %TEMP%\33FD9.dmp
- %TEMP%\aut14.tmp
- %TEMP%\aut15.tmp
- %TEMP%\35B40.dmp
- %TEMP%\aut13.tmp
- %TEMP%\aut19.tmp
- %TEMP%\aut1E.tmp
- %TEMP%\aut1F.tmp
- %TEMP%\3E8BB.dmp
- %TEMP%\3F2AE.dmp
- %TEMP%\42046.dmp
- %TEMP%\aut21.tmp
- %TEMP%\40D0C.dmp
- %TEMP%\aut20.tmp
- %TEMP%\3C1EA.dmp
- %TEMP%\3D34F.dmp
- %TEMP%\3C005.dmp
- %TEMP%\aut1A.tmp
- %TEMP%\aut1D.tmp
- %TEMP%\3EF14.dmp
- %TEMP%\aut1B.tmp
- %TEMP%\aut1C.tmp
- %TEMP%\aut11.tmp
- %TEMP%\2748A.dmp
- %TEMP%\27DC1.dmp
- %TEMP%\aut6.tmp
- %TEMP%\aut7.tmp
- %TEMP%\aut9.tmp
- %TEMP%\28B0F.dmp
- %TEMP%\aut8.tmp
- %TEMP%\27E6D.dmp
- %APPDATA%\<Virus name>.exe
- %TEMP%\aut2.tmp
- %TEMP%\aut1.tmp
- %TEMP%\1.resource
- %TEMP%\dw.log
- %TEMP%\aut5.tmp
- %TEMP%\aut3.tmp
- %TEMP%\aut4.tmp
- %TEMP%\autA.tmp
- %TEMP%\2F468.dmp
- %TEMP%\autE.tmp
- %TEMP%\2E1AB.dmp
- %TEMP%\2DE50.dmp
- %TEMP%\autF.tmp
- %TEMP%\aut10.tmp
- %TEMP%\30C65.dmp
- %TEMP%\31C91.dmp
- %TEMP%\2A8F8.dmp
- %TEMP%\autC.tmp
- %TEMP%\29FB1.dmp
- %TEMP%\autB.tmp
- %TEMP%\autD.tmp
- %TEMP%\2D19E.dmp
- %TEMP%\2ADCA.dmp
- %TEMP%\2C087.dmp
- %APPDATA%\<Virus name>.exe
- <Full path to virus>
- %TEMP%\aut17.tmp
- %TEMP%\aut16.tmp
- %TEMP%\aut19.tmp
- %TEMP%\aut18.tmp
- %TEMP%\aut13.tmp
- %TEMP%\aut12.tmp
- %TEMP%\aut15.tmp
- %TEMP%\aut14.tmp
- %TEMP%\aut1F.tmp
- %TEMP%\aut1E.tmp
- %TEMP%\aut21.tmp
- %TEMP%\aut20.tmp
- %TEMP%\aut1B.tmp
- %TEMP%\aut1A.tmp
- %TEMP%\aut1D.tmp
- %TEMP%\aut1C.tmp
- %TEMP%\aut11.tmp
- %TEMP%\aut6.tmp
- %TEMP%\aut5.tmp
- %TEMP%\aut8.tmp
- %TEMP%\aut7.tmp
- %TEMP%\aut2.tmp
- %TEMP%\aut1.tmp
- %TEMP%\aut4.tmp
- %TEMP%\aut3.tmp
- %TEMP%\autE.tmp
- %TEMP%\autD.tmp
- %TEMP%\aut10.tmp
- %TEMP%\autF.tmp
- %TEMP%\autA.tmp
- %TEMP%\aut9.tmp
- %TEMP%\autC.tmp
- %TEMP%\autB.tmp
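Windows referenced by class name (Shell_TrayWnd is the Windows taskbar class; the WindowName field is empty in both entries):
- ClassName: 'Indicator' WindowName: ''
- ClassName: 'Shell_TrayWnd' WindowName: ''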