Technical Information
Registry autorun entries (Run-key values, started at logon):
- [<HKLM>\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] 'System Windows' = '%HOMEPATH%\system64\<Virus name>.exe'
- [<HKCU>\Software\Microsoft\Windows\CurrentVersion\Run] 'System Windows' = '%HOMEPATH%\system64\<Virus name>.exe'
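File system activity under %HOMEPATH%\system64 (the section headings are missing from this copy, so the page does not say whether a path was created or deleted; many paths appear twice):
- %HOMEPATH%\system64\163244.jpg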
- %HOMEPATH%\system64\163244.mah
- %HOMEPATH%\system64\163243.mah
- %HOMEPATH%\system64\163242.mah
- %HOMEPATH%\system64\163243.jpg
- %HOMEPATH%\system64\163246.mah
- %HOMEPATH%\system64\163247.jpg
- %HOMEPATH%\system64\163246.jpg
- %HOMEPATH%\system64\163245.jpg
- %HOMEPATH%\system64\163245.mah
- %HOMEPATH%\system64\163237.jpg
- %HOMEPATH%\system64\163237.mah
- %HOMEPATH%\system64\163236.mah
- %HOMEPATH%\system64\163235.mah
- %HOMEPATH%\system64\163236.jpg
- %HOMEPATH%\system64\163240.mah
- %HOMEPATH%\system64\163242.jpg
- %HOMEPATH%\system64\163240.jpg
- %HOMEPATH%\system64\163239.jpg
- %HOMEPATH%\system64\163239.mah
- %HOMEPATH%\system64\163247.mah
- %HOMEPATH%\system64\163256.mah
- %HOMEPATH%\system64\163258.jpg
- %HOMEPATH%\system64\163256.jpg
- %HOMEPATH%\system64\163255.jpg
- %HOMEPATH%\system64\163255.mah
- %HOMEPATH%\system64\163301.jpg
- %HOMEPATH%\system64\163301.mah
- %HOMEPATH%\system64\163300.mah
- %HOMEPATH%\system64\163258.mah
- %HOMEPATH%\system64\163300.jpg
- %HOMEPATH%\system64\163251.mah
- %HOMEPATH%\system64\163252.jpg
- %HOMEPATH%\system64\163251.jpg
- %HOMEPATH%\system64\163249.jpg
- %HOMEPATH%\system64\163249.mah
- %HOMEPATH%\system64\163254.jpg
- %HOMEPATH%\system64\163254.mah
- %HOMEPATH%\system64\163253.mah
- %HOMEPATH%\system64\163252.mah
- %HOMEPATH%\system64\163253.jpg
- %HOMEPATH%\system64\163235.jpg
- %HOMEPATH%\system64\163217.jpg
- %HOMEPATH%\system64\163217.mah
- %HOMEPATH%\system64\163216.mah
- %HOMEPATH%\system64\163214.mah
- %HOMEPATH%\system64\163216.jpg
- %HOMEPATH%\system64\163221.mah
- %HOMEPATH%\system64\163222.jpg
- %HOMEPATH%\system64\163221.jpg
- %HOMEPATH%\system64\163219.jpg
- %HOMEPATH%\system64\163219.mah
- %HOMEPATH%\system64\163209.jpg
- %HOMEPATH%\system64\163209.mah
- %HOMEPATH%\system64\163209_ini.mah
- %HOMEPATH%\system64\ip.txt
- %HOMEPATH%\system64\163209.ini
- %HOMEPATH%\system64\163213.mah
- %HOMEPATH%\system64\163214.jpg
- %HOMEPATH%\system64\163213.jpg
- %HOMEPATH%\system64\163212.jpg
- %HOMEPATH%\system64\163212.mah
- %HOMEPATH%\system64\163222.mah
- %HOMEPATH%\system64\163231.mah
- %HOMEPATH%\system64\163232.jpg
- %HOMEPATH%\system64\163231.jpg
- %HOMEPATH%\system64\163229.jpg
- %HOMEPATH%\system64\163229.mah
- %HOMEPATH%\system64\163234.jpg
- %HOMEPATH%\system64\163234.mah
- %HOMEPATH%\system64\163233.mah
- %HOMEPATH%\system64\163232.mah
- %HOMEPATH%\system64\163233.jpg
- %HOMEPATH%\system64\163224.mah
- %HOMEPATH%\system64\163225.jpg
- %HOMEPATH%\system64\163224.jpg
- %HOMEPATH%\system64\163223.jpg
- %HOMEPATH%\system64\163223.mah
- %HOMEPATH%\system64\163227.jpg
- %HOMEPATH%\system64\163227.mah
- %HOMEPATH%\system64\163226.mah
- %HOMEPATH%\system64\163225.mah
- %HOMEPATH%\system64\163226.jpg
- %HOMEPATH%\system64\163243.mah
- %HOMEPATH%\system64\163244.jpg
- %HOMEPATH%\system64\163243.jpg
- %HOMEPATH%\system64\163242.jpg
- %HOMEPATH%\system64\163242.mah
- %HOMEPATH%\system64\163246.jpg
- %HOMEPATH%\system64\163246.mah
- %HOMEPATH%\system64\163245.mah
- %HOMEPATH%\system64\163244.mah
- %HOMEPATH%\system64\163245.jpg
- %HOMEPATH%\system64\163236.mah
- %HOMEPATH%\system64\163237.jpg
- %HOMEPATH%\system64\163236.jpg
- %HOMEPATH%\system64\163235.jpg
- %HOMEPATH%\system64\163235.mah
- %HOMEPATH%\system64\163240.jpg
- %HOMEPATH%\system64\163240.mah
- %HOMEPATH%\system64\163239.mah
- %HOMEPATH%\system64\163237.mah
- %HOMEPATH%\system64\163239.jpg
- %HOMEPATH%\system64\163255.mah
- %HOMEPATH%\system64\163256.jpg
- %HOMEPATH%\system64\163255.jpg
- %HOMEPATH%\system64\163254.jpg
- %HOMEPATH%\system64\163254.mah
- %HOMEPATH%\system64\163300.jpg
- %HOMEPATH%\system64\163300.mah
- %HOMEPATH%\system64\163258.mah
- %HOMEPATH%\system64\163256.mah
- %HOMEPATH%\system64\163258.jpg
- %HOMEPATH%\system64\163249.mah
- %HOMEPATH%\system64\163251.jpg
- %HOMEPATH%\system64\163249.jpg
- %HOMEPATH%\system64\163247.jpg
- %HOMEPATH%\system64\163247.mah
- %HOMEPATH%\system64\163253.jpg
- %HOMEPATH%\system64\163253.mah
- %HOMEPATH%\system64\163252.mah
- %HOMEPATH%\system64\163251.mah
- %HOMEPATH%\system64\163252.jpg
- %HOMEPATH%\system64\163217.mah
- %HOMEPATH%\system64\163219.jpg
- %HOMEPATH%\system64\163217.jpg
- %HOMEPATH%\system64\163216.jpg
- %HOMEPATH%\system64\163216.mah
- %HOMEPATH%\system64\163222.jpg
- %HOMEPATH%\system64\163222.mah
- %HOMEPATH%\system64\163221.mah
- %HOMEPATH%\system64\163219.mah
- %HOMEPATH%\system64\163221.jpg
- %HOMEPATH%\system64\163209.mah
- %HOMEPATH%\system64\163212.jpg
- %HOMEPATH%\system64\163209.jpg
- %HOMEPATH%\system64\ip.txt
- %HOMEPATH%\system64\163209_ini.mah
- %HOMEPATH%\system64\163214.jpg
- %HOMEPATH%\system64\163214.mah
- %HOMEPATH%\system64\163213.mah
- %HOMEPATH%\system64\163212.mah
- %HOMEPATH%\system64\163213.jpg
- %HOMEPATH%\system64\163231.mah
- %HOMEPATH%\system64\163232.jpg
- %HOMEPATH%\system64\163231.jpg
- %HOMEPATH%\system64\163229.jpg
- %HOMEPATH%\system64\163229.mah
- %HOMEPATH%\system64\163234.jpg
- %HOMEPATH%\system64\163234.mah
- %HOMEPATH%\system64\163233.mah
- %HOMEPATH%\system64\163232.mah
- %HOMEPATH%\system64\163233.jpg
- %HOMEPATH%\system64\163224.mah
- %HOMEPATH%\system64\163225.jpg
- %HOMEPATH%\system64\163224.jpg
- %HOMEPATH%\system64\163223.jpg
- %HOMEPATH%\system64\163223.mah
- %HOMEPATH%\system64\163227.jpg
- %HOMEPATH%\system64\163227.mah
- %HOMEPATH%\system64\163226.mah
- %HOMEPATH%\system64\163225.mah
- %HOMEPATH%\system64\163226.jpg
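Network activity (host:port endpoints, URL and DNS queries; domain names are partially masked with '#' in the source):
- 'dt####ng.comyr.com':21
- 'ch####p.dyndns.org':80
- 'localhost':1037
- http://ch####p.dyndns.org/
- DNS ASK dt####ng.comyr.com
- DNS ASK ch####p.dyndns.org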
Window (class name and window name; the page does not say whether it is created or searched for):
- ClassName: 'Indicator' WindowName: ''