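Technical Information
Note: the headings that grouped the lists below appear to be missing from this copy, so the same path can occur several times without any indication of whether it was executed, created or deleted. Only the entries marked "(downloaded from the Internet)" and "DNS ASK" carry their own label. Host names and URL query strings are printed with '#' in place of some characters, so they cannot be used as exact-match indicators as shown.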
- 'C:\ofgitsly.exe'
- 'C:\vwhqlwgw.exe'
- 'C:\uhjb.exe'
- 'C:\ryxy.exe'
- 'C:\-1998166001'
- 'C:\bktdl.exe'
- 'C:\cclx.exe'
- 'C:\mmpmegx.exe'
- 'C:\vefuq.exe'
- 'C:\baif.exe'
- '%TEMP%\nsm3.tmp\Apps.exe'
- '%TEMP%\nsj6.tmp\Apps.exe'
- '%TEMP%\nsm3.tmp\keygen.exe'
- '%TEMP%\nsj6.tmp\keygen.exe'
- '%TEMP%\nsm3.tmp\e4u.exe'
- 'C:\gbfxe.exe'
- 'C:\sbvyj.exe'
- '%TEMP%\nsm3.tmp\EP.exe'
- '%TEMP%\nsj6.tmp\e4u.exe'
- '%TEMP%\nsj6.tmp\EP.exe'
- 'C:\vwhqlwgw.exe' (downloaded from the Internet)
- 'C:\ofgitsly.exe' (downloaded from the Internet)
- 'C:\cclx.exe' (downloaded from the Internet)
- 'C:\ryxy.exe' (downloaded from the Internet)
- 'C:\-1998166001' (downloaded from the Internet)
- 'C:\uhjb.exe' (downloaded from the Internet)
- 'C:\gbfxe.exe' (downloaded from the Internet)
- 'C:\sbvyj.exe' (downloaded from the Internet)
- 'C:\mmpmegx.exe' (downloaded from the Internet)
- 'C:\bktdl.exe' (downloaded from the Internet)
- 'C:\vefuq.exe' (downloaded from the Internet)
- 'C:\baif.exe' (downloaded from the Internet)
- <SYSTEM32>\spoolsv.exe
- %HOMEPATH%\Local Settings\Temporary Internet Files\Content.IE5\2VAZY7AN\irxhiiffp[1].php
- C:\cclx.exe
- %HOMEPATH%\Local Settings\Temporary Internet Files\Content.IE5\U98D4X8H\bhrnbylv[1].php
- C:\ofgitsly.exe
- %HOMEPATH%\Local Settings\Temporary Internet Files\Content.IE5\YPORKZYZ\hohhveswgc[1].php
- C:\vwhqlwgw.exe
- %HOMEPATH%\Local Settings\Temporary Internet Files\Content.IE5\YPORKZYZ\zgzzjjwli[1].php
- C:\mmpmegx.exe
- %HOMEPATH%\Local Settings\Temporary Internet Files\Content.IE5\2VAZY7AN\wcyijjt[1].php
- C:\ryxy.exe
- %HOMEPATH%\Local Settings\Temporary Internet Files\Content.IE5\KHMHGZ4F\hnkppz[1].php
- C:\bktdl.exe
- %HOMEPATH%\Local Settings\Temporary Internet Files\Content.IE5\KHMHGZ4F\bhanx[1].php
- %HOMEPATH%\Local Settings\Temporary Internet Files\Content.IE5\KHMHGZ4F\wtqanbo[1].php
- %HOMEPATH%\Local Settings\Temporary Internet Files\Content.IE5\YPORKZYZ\hnkppz[1].php
- %HOMEPATH%\Local Settings\Temporary Internet Files\Content.IE5\2VAZY7AN\iouvvfgcd[1].php
- %HOMEPATH%\Local Settings\Temporary Internet Files\Content.IE5\KHMHGZ4F\bhanx[2].php
- %HOMEPATH%\Local Settings\Temporary Internet Files\Content.IE5\2VAZY7AN\mbhrobl[1].php
- %HOMEPATH%\Local Settings\Temporary Internet Files\Content.IE5\2VAZY7AN\wcyijjt[2].php
- %HOMEPATH%\Local Settings\Temporary Internet Files\Content.IE5\KHMHGZ4F\irxhiiffp[1].php
- %HOMEPATH%\Local Settings\Temporary Internet Files\Content.IE5\U98D4X8H\zfpcdmakt[1].php
- %TEMP%\a..bat
- %HOMEPATH%\Local Settings\Temporary Internet Files\Content.IE5\YPORKZYZ\zgzzjjwli[2].php
- %HOMEPATH%\Local Settings\Temporary Internet Files\Content.IE5\U98D4X8H\hohhveswgc[1].php
- %HOMEPATH%\Local Settings\Temporary Internet Files\Content.IE5\2VAZY7AN\ohnbbyyif[1].php
- C:\baif.exe
- %TEMP%\nsj6.tmp\e4u.exe
- %TEMP%\nsj6.tmp\Apps.exe
- %TEMP%\nsj6.tmp\keygen.exe
- %WINDIR%\Temp\8.tmp
- <SYSTEM32>\spool\prtprocs\w32x86\7.tmp
- %TEMP%\nsj6.tmp\EP.exe
- %TEMP%\nsm3.tmp\e4u.exe
- %TEMP%\nsm3.tmp\keygen.exe
- %TEMP%\nsw2.tmp
- %TEMP%\nso5.tmp
- %TEMP%\nsm3.tmp\EP.exe
- %TEMP%\nsm3.tmp\Apps.exe
- <SYSTEM32>\spool\prtprocs\w32x86\9.tmp
- C:\uhjb.exe
- %HOMEPATH%\Local Settings\Temporary Internet Files\Content.IE5\YPORKZYZ\iouvvfgcd[1].php
- C:\-1998166001
- %HOMEPATH%\Local Settings\Temporary Internet Files\Content.IE5\U98D4X8H\ohnbbyyif[1].php
- C:\vefuq.exe
- %HOMEPATH%\Local Settings\Temporary Internet Files\Content.IE5\KHMHGZ4F\mbhrobl[1].php
- C:\gbfxe.exe
- %HOMEPATH%\Local Settings\Temporary Internet Files\Content.IE5\KHMHGZ4F\zfpcdmakt[1].php
- %WINDIR%\Temp\B.tmp
- %HOMEPATH%\Local Settings\Temporary Internet Files\Content.IE5\2VAZY7AN\wtqanbo[1].php
- C:\sbvyj.exe
- %HOMEPATH%\Local Settings\Temporary Internet Files\Content.IE5\U98D4X8H\jqqankx[1].php
- %HOMEPATH%\Local Settings\Temporary Internet Files\Content.IE5\U98D4X8H\ohnbbyyif[1].php
- %HOMEPATH%\Local Settings\Temporary Internet Files\Content.IE5\YPORKZYZ\hohhveswgc[1].php
- %HOMEPATH%\Local Settings\Temporary Internet Files\Content.IE5\2VAZY7AN\irxhiiffp[1].php
- <SYSTEM32>\spool\prtprocs\w32x86\9.tmp
- %HOMEPATH%\Local Settings\Temporary Internet Files\Content.IE5\KHMHGZ4F\zfpcdmakt[1].php
- %HOMEPATH%\Local Settings\Temporary Internet Files\Content.IE5\2VAZY7AN\wcyijjt[1].php
- %HOMEPATH%\Local Settings\Temporary Internet Files\Content.IE5\KHMHGZ4F\mbhrobl[1].php
- %HOMEPATH%\Local Settings\Temporary Internet Files\Content.IE5\2VAZY7AN\wtqanbo[1].php
- %HOMEPATH%\Local Settings\Temporary Internet Files\Content.IE5\YPORKZYZ\iouvvfgcd[1].php
- %HOMEPATH%\Local Settings\Temporary Internet Files\Content.IE5\KHMHGZ4F\hnkppz[1].php
- %WINDIR%\Temp\8.tmp
- <SYSTEM32>\spool\prtprocs\w32x86\7.tmp
- %TEMP%\nsm3.tmp\EP.exe
- %TEMP%\nsm3.tmp\Apps.exe
- %TEMP%\nsm3.tmp\e4u.exe
- %TEMP%\nsj6.tmp\EP.exe
- %TEMP%\nsj6.tmp\keygen.exe
- %TEMP%\nsj6.tmp\e4u.exe
- %WINDIR%\Temp\B.tmp
- %TEMP%\nsj6.tmp\Apps.exe
- 'bb###shaw.com':80
- 'ab###der.com':80
- 'fr####rts-2009.com':80
- ab###der.com/tdfpmmn/bhrnbylv.php?ad########
- ab###der.com/tdfpmmn/hnkppz.php?ad########
- ab###der.com/tdfpmmn/zgzzjjwli.php?ad########
- ab###der.com/tdfpmmn/irxhiiffp.php?ad########
- bb###shaw.com/tdfpmmn/zgzzjjwli.php?ad########
- ab###der.com/tdfpmmn/bhanx.php?ad#################################################
- ab###der.com/tdfpmmn/hohhveswgc.php?ad########
- ab###der.com/tdfpmmn/wtqanbo.php?ad########
- ab###der.com/tdfpmmn/zfpcdmakt.php?ad########
- ab###der.com/tdfpmmn/jqqankx.php?ad########
- ab###der.com/tdfpmmn/iouvvfgcd.php?ad########
- ab###der.com/tdfpmmn/wcyijjt.php?ad########
- ab###der.com/tdfpmmn/ohnbbyyif.php?ad########
- ab###der.com/tdfpmmn/mbhrobl.php?ad########
- DNS ASK ar###ort.net
- DNS ASK cr####l-arts.net
- DNS ASK bb###shaw.com
- DNS ASK je####ts-center.com
- DNS ASK fr####rts-2009.com
- DNS ASK ab###der.com
- DNS ASK a5###0057.cn
- ClassName: 'Shell_TrayWnd' WindowName: '(null)'