Technical Information
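- [<HKLM>\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] 'Maggie-Q' = '%PROGRAM_FILES%\<Virus name>.exe' (autorun value: Windows starts the named file at logon, for every user of the machine)
- [<HKCU>\Software\Microsoft\Windows\CurrentVersion\Run] 'Maggie-Q' = '%WINDIR%\<Virus name>.exe' (autorun value: Windows starts the named file at logon, for the current user only)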
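- hidden files (the line that introduced this item is missing from this copy; it most likely refers to the Explorer setting that controls whether hidden files are displayed)
- file extensions (introducing line missing as above; most likely the Explorer setting that controls whether file extensions are displayed)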
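- [<HKCU>\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer] 'DisAllowRun' = '' (Explorer policy value that switches on the per-user list of programs Explorer refuses to start; the value data is shown empty here, so the setting actually written cannot be read from this page)
- [<HKCU>\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer] 'NoFolderOptions' = '' (Explorer policy value that removes the Folder Options dialog, which is where a user would turn the display of hidden files and extensions back on; value data shown empty here)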
- %TEMP%\nTkwC2YfzQhixxyXf4xt
- %TEMP%\OKRpKjm2YqmKdlqV8f6g
- %TEMP%\0k6e4gxKBGP4qjJkYqmz
- %TEMP%\Q0ablfD
- %TEMP%\oAatFwPyInz
- %TEMP%\jDSwQHzLfOpdpOv7
- %TEMP%\NH8lPjFeM1PqKJM4MPLm
- %TEMP%\IU5dTULpkLfGWUMXqiBk
- %TEMP%\SByn25sj7yYcEMTQ1Kbd
- %TEMP%\uVahxO3iRXR0MNMFodDh
- %TEMP%\MpqrRo7QKwmseCQBns7r
- %TEMP%\xiUq
- %TEMP%\BfyN8Itrhp6XmY
- %TEMP%\PukOJoIHX
- %TEMP%\FpJEDmHqLpTh8aT0ZJRc
- %TEMP%\crpTIPbpdz0IxEv2ULES
- %TEMP%\ZCEI4t0
- %TEMP%\6hn4Mtb6pigJvJdlcG3l
- %TEMP%\DFVNPSh7HzqIJlAELiw5
- %TEMP%\bosTAaCMbIlPqr2PQyFY
- %TEMP%\8oJJWMOquSfTqaLKNSKT
- %TEMP%\Va2OK1k0ZVnNqioLdlwG
- %TEMP%\SYbBULd3Ho5eM8KMREUw
- %PROGRAM_FILES%\Windows Media Player\npdrmv2.zip1
- %PROGRAM_FILES%\Windows Media Player\npds.zip1
- %PROGRAM_FILES%\Windows NT\dialer.exe1
- %TEMP%\IxRfZnrS5wwxVAlLcYxm
- %PROGRAM_FILES%\Windows Media Player\setup_wm.exe1
- %TEMP%\ZFa08n6cQzrtVd6xavvm
- %TEMP%\cOHHhkhIeDxOaPI6rMmS
- %TEMP%\KkeUuWWXZhYCXLLbmyLH
- %PROGRAM_FILES%\Windows Media Player\wmplayer.exe1
- %TEMP%\dn6
- %TEMP%\iH4Y1F3VvuYo8GPRryKr
- %TEMP%\RhAYftltWFOCzKVc7jmc
- %TEMP%\QaLTx7GWDCg6MH6Wfrwh
- %TEMP%\BzDqXBddVmr62Dj7EC
- %TEMP%\LX7x7GiQp0TxQ4rv6lqO
- %TEMP%\uyzyOb17JI1yMi5vCA4p
- %PROGRAM_FILES%\Windows NT\hypertrm.exe1
- %TEMP%\LeK8I5RlZrr2evtrmxzD
- %TEMP%\AEJZUrhVhCGYrexWq5eJ
- %TEMP%\kBXQBR8mnw3x3XdoAJNE
- %TEMP%\JDJktj
- %TEMP%\Cj8wUy3uE0WPnaY2D0vu
- %TEMP%\nvKfNyK3snaoTVODOYpS
- %TEMP%\8NTTGT6DpXTII6wSRZ0p
- %TEMP%\8sXIeaP8ja1NrAE6HwEs
- %TEMP%\373IgXDArWMStEjVOcAA
- %TEMP%\0LKsdfZTMjopf7RqUMrD
- %TEMP%\h7TTlAiH3jMgs4ld1vmi
- %TEMP%\WmIrxAi713WjegOyWueb
- %TEMP%\joflhSu4sqZUAXiI
- %TEMP%\jyeAslXNCqyWxvMRSLQL
- %TEMP%\SchfnGFlUR0ypFk116e3
- %TEMP%\PoutjW3TKHVNKiQ1n2Cn
- %TEMP%\N
- %TEMP%\jFCeGGSoPTKogAbcAepw
- %TEMP%\ayP3wGvZHhxNCWMQu66X
- %TEMP%\3XaTn8kRny2rb3JPbRd2
- %TEMP%\NOMoJcXIHGM8HERXhYC
- %TEMP%\PuC0ChojkOhwcpAjRKhV
- %TEMP%\wRUxS8ACm48aq3Fs5nIo
- %TEMP%\srHJmJDfKQcJnuzjmoSf
- %TEMP%\g8pR141ieU8k0j5EhIwH
- %TEMP%\NynFD8ZzxhA6ntLzUeUw
- %TEMP%\st1eW3fjVd2naM1Te13k
- %TEMP%\IgH55F
- %TEMP%\mWjVYjZ5rv6TmntoGvle
- %TEMP%\O
- %TEMP%\Bk11Smj7YflabUSaMnyU
- %TEMP%\HIwGTKWMRq34YrxqpyD3
- %TEMP%\FCfHeW1ts0Y4NcqY5lhJ
- %TEMP%\nQE8OtXrlZrssPdvlq1U
- %TEMP%\t7zNLuzlSXSO4OhxBzY5
- %TEMP%\NREeoTDen6Ym8igsl0KC
- %TEMP%\gaKkxWW1AbcwGHzNsQ2G
- %TEMP%\uRkHBV04UKtF2YrfQhoG
- %TEMP%\dhCsLHkhZRES5G
- %TEMP%\6WL6llMkPsT6EdqiyIRH
- %TEMP%\xcSZQJjwUn3WgLyar4gV
- %TEMP%\GyTZmE4X085HG
- %TEMP%\Bjhhw2nbvYPwMXSNRrma
- %TEMP%\H
- %TEMP%\8cAn5CH4tOxciWvO0b0p
- %TEMP%\Dfaj6gzRAMSawy3uNJs7
- %TEMP%\QuvHfDcjJXgsaxlB4m3x
- %PROGRAM_FILES%\Windows Media Player\mplayer2.exe1
- %TEMP%\Uee0VmStLFuD
- %TEMP%\aSoPT4bE6ftVeD0dul4u
- C:\Far\Plugins\ffpd.exe1
- %PROGRAM_FILES%\FireFox\crashreporter.exe1
- %TEMP%\ZZaIRS03ItM3xwFEkaof
- %TEMP%\6P2Efmg4EZbH744DYYbL
- %TEMP%\agfQiQQla8wDgfAN7OXF
- %TEMP%\lky
- %TEMP%\tjZ6IaBVyda
- %TEMP%\vgtDE4kvNENcXG6NRxJX
- %TEMP%\lMalBXqnSn06rzGsonyL
- %PROGRAM_FILES%\FireFox\nsinstall.exe1
- %TEMP%\gKv7WrJfe2rTIBrHZkYi
- %TEMP%\0LlO1xeLaM78gP7hcPv5
- %TEMP%\6
- %PROGRAM_FILES%\FireFox\plugin-container.exe1
- %TEMP%\Z1OqwVUxVSRVbe
- %PROGRAM_FILES%\FireFox\firefox.exe1
- %PROGRAM_FILES%\FireFox\js.exe1
- %PROGRAM_FILES%\FireFox\mangle.exe1
- %TEMP%\Vot5qTzqzunlE0KJarMl
- %TEMP%\BMIFbw1jEyjPxfwqFGKd
- C:\Far\Far.exe1
- %TEMP%\BMiUmJPCBxYCQWZDzoWu
- %TEMP%\BJ4nwfo0qqyRQO7chBhH
- %TEMP%\tX2riQOgPBZNwuZ8Lymd
- C:\Far\UnInstall.exe1
- %TEMP%\<Virus name>.exe.exe
- %TEMP%\<Virus name>.exe1
- %WINDIR%\<Virus name>.exe
- %TEMP%\dYYr6Im6raosBiKDOlCW
- %PROGRAM_FILES%\<Virus name>.exe
- C:\Far\COLORER.RAR1
- %TEMP%\lgippxAam0ieiKmNKsed
- %TEMP%\0
- %TEMP%\wwzfUa6aTFoMb6GU4t8X
- %TEMP%\SpdSBqSrBHSVR
- %TEMP%\mrpOnFYP2Wg0YBACHZzT
- C:\Far\PLUGINS.RAR1
- %TEMP%\JtNzfZv0RK1TzzESgVw8
- %TEMP%\au4xKs4MJdkTs4
- <Auxiliary element>
- %TEMP%\U7sDFArLxrC0Joqukidl
- %PROGRAM_FILES%\FireFox\shlibsign.exe1
- %TEMP%\mVQSvhdRXEmF8vppRQhX
- %PROGRAM_FILES%\NetMeeting\conf.exe1
- %PROGRAM_FILES%\NetMeeting\wb32.exe1
- %PROGRAM_FILES%\Outlook Express\msimn.exe1
- %TEMP%\HHgDfBgLGqjayqnVkhRB
- %PROGRAM_FILES%\Movie Maker\moviemk.exe1
- %TEMP%\rW2Pl52xHnSqcs0xDhoR
- %TEMP%\U0
- %TEMP%\AHMkiKqpviQEsoPHGe1U
- %PROGRAM_FILES%\NetMeeting\cb32.exe1
- %TEMP%\jVoWl
- %PROGRAM_FILES%\Outlook Express\wabmig.exe1
- %TEMP%\KgLCTrfSMY8it4RiSEBb
- %TEMP%\r5T6CKCisIdrzIwmYnCK
- %TEMP%\BA2t3ldj0e0dxQJkH5E3
- %PROGRAM_FILES%\Windows Media Player\migrate.exe1
- %TEMP%\LFcKC6GPIatk5VHHHJIZ
- %PROGRAM_FILES%\Outlook Express\oemig50.exe1
- %PROGRAM_FILES%\Outlook Express\setup50.exe1
- %PROGRAM_FILES%\Outlook Express\wab.exe1
- %TEMP%\ksI
- %PROGRAM_FILES%\Messenger\xpmsgr.chm1
- %TEMP%\msFoilGcIJ6y8BRPRhoU
- %PROGRAM_FILES%\FireFox\xpidl.exe1
- %PROGRAM_FILES%\FireFox\xpt_dump.exe1
- %PROGRAM_FILES%\FireFox\xpt_link.exe1
- %TEMP%\uWrNz5hIMTgJqGI4dne4
- %PROGRAM_FILES%\FireFox\updater.exe1
- %TEMP%\rsPzXesXvkyte62FwlIp
- %TEMP%\blnxZjakZedyeK3Y4zNF
- %TEMP%\4MrSRRvxVmkXOJIO3Bnq
- %PROGRAM_FILES%\FireFox\xpcshell.exe1
- %TEMP%\ukzhBj6C5
- %PROGRAM_FILES%\Messenger\logowin.gif1
- %TEMP%\fL6u0pKJNidgY52pMFbj
- %TEMP%\U0ek2LbKsAxwAxW5gn5W
- %TEMP%\aEMxZzmABC2DQwlBz3QU
- %PROGRAM_FILES%\Messenger\lvback.gif1
- %TEMP%\2vVboqVOEb5sbHDUJcex
- %PROGRAM_FILES%\Internet Explorer\iedw.exe1
- %PROGRAM_FILES%\Internet Explorer\IEXPLORE.EXE1
- %PROGRAM_FILES%\Messenger\msmsgs.exe1
- %TEMP%\3cnFboy8C5Kq2ie4G0o5
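- (From this entry to the end of the %TEMP% entries, the paths appear to repeat ones already listed above. This looks like a second list whose heading is missing from this copy, so the operation it records cannot be told from this page.)
- %TEMP%\FpJEDmHqLpTh8aT0ZJRc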
- %TEMP%\crpTIPbpdz0IxEv2ULES
- %TEMP%\FCfHeW1ts0Y4NcqY5lhJ
- %TEMP%\JDJktj
- %TEMP%\BfyN8Itrhp6XmY
- %TEMP%\bosTAaCMbIlPqr2PQyFY
- %TEMP%\PukOJoIHX
- %TEMP%\xiUq
- %TEMP%\st1eW3fjVd2naM1Te13k
- %TEMP%\IgH55F
- %TEMP%\Bk11Smj7YflabUSaMnyU
- %TEMP%\mWjVYjZ5rv6TmntoGvle
- %TEMP%\nQE8OtXrlZrssPdvlq1U
- %TEMP%\HIwGTKWMRq34YrxqpyD3
- %TEMP%\t7zNLuzlSXSO4OhxBzY5
- %TEMP%\NREeoTDen6Ym8igsl0KC
- %TEMP%\SByn25sj7yYcEMTQ1Kbd
- %TEMP%\uVahxO3iRXR0MNMFodDh
- %TEMP%\nTkwC2YfzQhixxyXf4xt
- %TEMP%\OKRpKjm2YqmKdlqV8f6g
- %TEMP%\NH8lPjFeM1PqKJM4MPLm
- %TEMP%\Va2OK1k0ZVnNqioLdlwG
- %TEMP%\IU5dTULpkLfGWUMXqiBk
- %TEMP%\jDSwQHzLfOpdpOv7
- %TEMP%\ZCEI4t0
- %TEMP%\6hn4Mtb6pigJvJdlcG3l
- %TEMP%\8oJJWMOquSfTqaLKNSKT
- %TEMP%\DFVNPSh7HzqIJlAELiw5
- %TEMP%\oAatFwPyInz
- %TEMP%\0k6e4gxKBGP4qjJkYqmz
- %TEMP%\MpqrRo7QKwmseCQBns7r
- %TEMP%\Q0ablfD
- %TEMP%\O
- %TEMP%\8sXIeaP8ja1NrAE6HwEs
- %TEMP%\373IgXDArWMStEjVOcAA
- %TEMP%\PuC0ChojkOhwcpAjRKhV
- %TEMP%\SchfnGFlUR0ypFk116e3
- %TEMP%\nvKfNyK3snaoTVODOYpS
- %TEMP%\joflhSu4sqZUAXiI
- %TEMP%\8NTTGT6DpXTII6wSRZ0p
- %TEMP%\Cj8wUy3uE0WPnaY2D0vu
- %TEMP%\PoutjW3TKHVNKiQ1n2Cn
- %TEMP%\N
- %TEMP%\3XaTn8kRny2rb3JPbRd2
- %TEMP%\jFCeGGSoPTKogAbcAepw
- %TEMP%\wRUxS8ACm48aq3Fs5nIo
- %TEMP%\NOMoJcXIHGM8HERXhYC
- %TEMP%\srHJmJDfKQcJnuzjmoSf
- %TEMP%\g8pR141ieU8k0j5EhIwH
- %TEMP%\Dfaj6gzRAMSawy3uNJs7
- %TEMP%\QuvHfDcjJXgsaxlB4m3x
- %TEMP%\uRkHBV04UKtF2YrfQhoG
- %TEMP%\dhCsLHkhZRES5G
- %TEMP%\H
- %TEMP%\gaKkxWW1AbcwGHzNsQ2G
- %TEMP%\8cAn5CH4tOxciWvO0b0p
- %TEMP%\Bjhhw2nbvYPwMXSNRrma
- %TEMP%\0LKsdfZTMjopf7RqUMrD
- %TEMP%\h7TTlAiH3jMgs4ld1vmi
- %TEMP%\jyeAslXNCqyWxvMRSLQL
- %TEMP%\WmIrxAi713WjegOyWueb
- %TEMP%\GyTZmE4X085HG
- %TEMP%\6WL6llMkPsT6EdqiyIRH
- %TEMP%\NynFD8ZzxhA6ntLzUeUw
- %TEMP%\xcSZQJjwUn3WgLyar4gV
- %TEMP%\ZZaIRS03ItM3xwFEkaof
- %TEMP%\Uee0VmStLFuD
- %TEMP%\Z1OqwVUxVSRVbe
- %TEMP%\lMalBXqnSn06rzGsonyL
- %TEMP%\vgtDE4kvNENcXG6NRxJX
- %TEMP%\lky
- %TEMP%\aSoPT4bE6ftVeD0dul4u
- %TEMP%\tjZ6IaBVyda
- %TEMP%\blnxZjakZedyeK3Y4zNF
- %TEMP%\rsPzXesXvkyte62FwlIp
- %TEMP%\msFoilGcIJ6y8BRPRhoU
- %TEMP%\4MrSRRvxVmkXOJIO3Bnq
- %TEMP%\gKv7WrJfe2rTIBrHZkYi
- %TEMP%\Vot5qTzqzunlE0KJarMl
- %TEMP%\6
- %TEMP%\0LlO1xeLaM78gP7hcPv5
- %TEMP%\JtNzfZv0RK1TzzESgVw8
- %TEMP%\tX2riQOgPBZNwuZ8Lymd
- %TEMP%\U7sDFArLxrC0Joqukidl
- %TEMP%\au4xKs4MJdkTs4
- %TEMP%\dYYr6Im6raosBiKDOlCW
- %TEMP%\<Virus name>.exe1
- %TEMP%\BJ4nwfo0qqyRQO7chBhH
- %TEMP%\BMiUmJPCBxYCQWZDzoWu
- %TEMP%\BMIFbw1jEyjPxfwqFGKd
- %TEMP%\SpdSBqSrBHSVR
- %TEMP%\6P2Efmg4EZbH744DYYbL
- %TEMP%\agfQiQQla8wDgfAN7OXF
- %TEMP%\lgippxAam0ieiKmNKsed
- %TEMP%\0
- %TEMP%\mrpOnFYP2Wg0YBACHZzT
- %TEMP%\wwzfUa6aTFoMb6GU4t8X
- %TEMP%\uWrNz5hIMTgJqGI4dne4
- %TEMP%\IxRfZnrS5wwxVAlLcYxm
- %TEMP%\SYbBULd3Ho5eM8KMREUw
- %TEMP%\uyzyOb17JI1yMi5vCA4p
- %TEMP%\dn6
- %TEMP%\ZFa08n6cQzrtVd6xavvm
- %TEMP%\BA2t3ldj0e0dxQJkH5E3
- %TEMP%\KkeUuWWXZhYCXLLbmyLH
- %TEMP%\cOHHhkhIeDxOaPI6rMmS
- %TEMP%\QaLTx7GWDCg6MH6Wfrwh
- %TEMP%\iH4Y1F3VvuYo8GPRryKr
- %TEMP%\BzDqXBddVmr62Dj7EC
- %TEMP%\LX7x7GiQp0TxQ4rv6lqO
- %TEMP%\kBXQBR8mnw3x3XdoAJNE
- %TEMP%\LeK8I5RlZrr2evtrmxzD
- %TEMP%\RhAYftltWFOCzKVc7jmc
- %TEMP%\AEJZUrhVhCGYrexWq5eJ
- %TEMP%\aEMxZzmABC2DQwlBz3QU
- %TEMP%\U0ek2LbKsAxwAxW5gn5W
- %TEMP%\U0
- %TEMP%\rW2Pl52xHnSqcs0xDhoR
- %TEMP%\2vVboqVOEb5sbHDUJcex
- %TEMP%\ukzhBj6C5
- %TEMP%\fL6u0pKJNidgY52pMFbj
- %TEMP%\3cnFboy8C5Kq2ie4G0o5
- %TEMP%\ksI
- %TEMP%\LFcKC6GPIatk5VHHHJIZ
- %TEMP%\r5T6CKCisIdrzIwmYnCK
- %TEMP%\KgLCTrfSMY8it4RiSEBb
- %TEMP%\mVQSvhdRXEmF8vppRQhX
- %TEMP%\AHMkiKqpviQEsoPHGe1U
- %TEMP%\jVoWl
- %TEMP%\HHgDfBgLGqjayqnVkhRB
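- ClassName: 'Indicator' WindowName: '' (a window identified by class name, with an empty window title; the line saying what the sample does with this window is missing from this copy, presumably a window search)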