Technical Information
- [<HKLM>\SOFTWARE\Clients\StartMenuInternet\IEXPLORE.EXE\shell\open\command] '' = '"<LS_APPDATA>\mip.exe" -a "%PROGRAM_FILES%\Internet Explorer\iexplore.exe"'
  (Note: '' is the key's default value. Rewriting it makes the Start Menu "Internet" entry for Internet Explorer launch mip.exe, which receives the real iexplore.exe path as an argument — a launch-hijack persistence mechanism. Cleanup must restore this command to the original iexplore.exe path; deleting mip.exe alone leaves the shortcut broken.)
- [<HKCU>\Software\Microsoft\Windows\CurrentVersion\Run] '1210375522' = '<LS_APPDATA>\mip.exe'
  (Note: per-user Run-key autostart. The value name is a bare numeric string and may differ between infections; when hunting, match on any Run value whose data points at <LS_APPDATA>\mip.exe rather than on this exact name.)
- [<HKCU>\Software\Microsoft\Windows\CurrentVersion\Run] 'ctfmon.exe' = '<SYSTEM32>\ctfmon.exe'
- [<HKLM>\SYSTEM\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile] 'EnableFirewall' = '00000000'
- [<HKLM>\SYSTEM\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile] 'DoNotAllowExceptions' = '00000000'
- [<HKLM>\SYSTEM\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile] 'DisableNotifications' = '00000001'
- [<HKLM>\SYSTEM\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile] 'EnableFirewall' = '00000000'
- [<HKLM>\SYSTEM\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile] 'DoNotAllowExceptions' = '00000000'
- [<HKLM>\SYSTEM\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile] 'DisableNotifications' = '00000001'
  (Note: EnableFirewall=0 switches Windows Firewall off for both the Domain and Standard profiles, DoNotAllowExceptions=0 keeps exceptions permitted, and DisableNotifications=1 suppresses the firewall's user-facing notifications, so the user is not warned. Remediation should set EnableFirewall back to 1 and DisableNotifications to 0 in both profiles. These paths are under ControlSet001, which is not necessarily the active control set — also check the same values under CurrentControlSet.)
- Windows Security Center
  (Note: listed here without an action verb; given the firewall-policy changes above it is presumably a service or notification mechanism the sample tampers with, but the exact action is not stated in this excerpt — confirm against the original report's section heading before acting on it.)
- <LS_APPDATA>\mip.exe -gav <Full path to virus>
- chrome.exe
- opera.exe
- iexplore.exe
- firefox.exe
- [<HKCU>\Software\BPFTP\Bullet Proof FTP\Options]
- [<HKCU>\Software\BulletProof Software\BulletProof FTP Client\Options]
- [<HKCU>\Software\BulletProof Software\BulletProof FTP Client\Main]
- [<HKLM>\Software\FlashFXP]
- [<HKCU>\Software\BPFTP\Bullet Proof FTP\Main]
- [<HKCU>\Software\BPFTP]
- [<HKCU>\Software\South River Technologies\WebDrive\Connections]
- [<HKLM>\Software\South River Technologies\WebDrive\Connections]
- [<HKCU>\Software\FTPWare\COREFTP\Sites]
- [<HKCU>\Software\Sota\FFFTP\Options]
- [<HKCU>\Software\CoffeeCup Software\Internet\Profiles]
- [<HKCU>\Software\Far2\SavedDialogHistory\FTPHost]
- [<HKCU>\Software\Ghisler\Windows Commander]
- [<HKCU>\Software\Far\SavedDialogHistory\FTPHost]
- [<HKCU>\Software\Far\Plugins\FTP\Hosts]
- [<HKCU>\Software\Far2\Plugins\FTP\Hosts]
- [<HKCU>\Software\Ghisler\Total Commander]
- [<HKCU>\Software\FlashFXP]
- [<HKLM>\Software\FlashFXP\3]
- [<HKCU>\Software\FlashFXP\3]
- [<HKLM>\Software\Ghisler\Windows Commander]
- [<HKLM>\Software\Ghisler\Total Commander]
  (Note: every key in this group belongs to an FTP or file-transfer client's saved-connection store — BulletProof FTP, FlashFXP, WebDrive, Core FTP, FFFTP, CoffeeCup, the Far Manager FTP plugin and Total/Windows Commander. No value data is shown, so these are keys the sample accesses rather than modifies; if the original report lists them as read, treat any server credentials saved in those clients on an infected host as compromised and rotate them.)
- %ALLUSERSPROFILE%\Application Data\yeth.exe
- %TEMP%\cakg.exe
- <LS_APPDATA>\gcvn.exe
- %TEMP%\ihso.exe
- %HOMEPATH%\Templates\uwbd.exe
- %TEMP%\lr18f3234vnuyydd514q84y
- %HOMEPATH%\Templates\lr18f3234vnuyydd514q84y
- %ALLUSERSPROFILE%\Application Data\lr18f3234vnuyydd514q84y
- %HOMEPATH%\Templates\ofta.exe
- <LS_APPDATA>\lr18f3234vnuyydd514q84y
- %ALLUSERSPROFILE%\Application Data\rtyr.exe
- %TEMP%\dkmr.exe
- %HOMEPATH%\Templates\scnh.exe
- %ALLUSERSPROFILE%\Application Data\jysg.exe
- <LS_APPDATA>\mip.exe
- <LS_APPDATA>\ieib.exe
- %HOMEPATH%\Templates\yrrr.exe
- <LS_APPDATA>\jcqe.exe
- %TEMP%\ibfv.exe
- <LS_APPDATA>\rrjw.exe
- %ALLUSERSPROFILE%\Application Data\gvos.exe
  (Note: the executable names follow a four-lowercase-letter pattern and appear to be generated at run time, so they are unlikely to repeat on another host; the only names that recur here are mip.exe and the extensionless lr18f3234vnuyydd514q84y, which is dropped into four different locations. Detection and cleanup should key on the drop directories — %TEMP%, %HOMEPATH%\Templates, %ALLUSERSPROFILE%\Application Data and <LS_APPDATA> — and on behaviour, not on the exact file names.)
  (Note: the '#' characters in the hosts and the IP address below are redaction masks carried over from the source report, not literal characters; these entries are therefore not usable as exact network indicators. Port 80 on every entry indicates plain HTTP, so the traffic can be inspected at a proxy. The domains share a pattern of short pseudo-random alphabetic labels under .com, which suggests a domain-generation algorithm, but this excerpt does not confirm that.)
- 'su###ebaq.com':80
- 'ti###uqel.com':80
- 'sy####lurypugi.com':80
- 'si####qilugoq.com':80
- 'ci####rijugeg.com':80
- 'da###ufigaj.com':80
- 'tu####kenuqi.com':80
- 'do####cufinulo.com':80
- 'gi###eceta.com':80
- 'pu####cyvazym.com':80
- '20#.#6.232.182':80
- 'le####jezociw.com':80
- 'xo###ipowu.com':80
- 'fo####wupode.com':80
- 'qo###ifelaw.com':80
- 'fi####gymeba.com':80
- 'di###akiri.com':80
- 'po###ybaru.com':80
- 'hi###umala.com':80
- 'pi####zocyluz.com':80
- 'cy####jyvidiwi.com':80
- 'ro####zanasi.com':80
- 'wa###opani.com':80
- 'ly####wotucoh.com':80
- 'he###ixiru.com':80
- 'zy####wodojyx.com':80
- 'gi####powaqa.com':80
- 'ra####bareme.com':80
- 'le###ehup.com':80
- 'wy###ediwo.com':80
- pi####zocyluz.com/
- DNS ASK do####cufinulo.com
- DNS ASK sy####lurypugi.com
- DNS ASK xo###ipowu.com
- DNS ASK fo####wupode.com
- DNS ASK si####qilugoq.com
- DNS ASK tu####kenuqi.com
- DNS ASK ti###uqel.com
- DNS ASK su###ebaq.com
- DNS ASK xo###alali.com
- DNS ASK microsoft.com
- DNS ASK tm####oxyzum.com
- DNS ASK mu###ahyxar.com
- DNS ASK le####jezociw.com
- DNS ASK qo###ifelaw.com
- DNS ASK pu####cyvazym.com
- DNS ASK gi###eceta.com
- DNS ASK da###ufigaj.com
- DNS ASK di###akiri.com
- DNS ASK fi####gymeba.com
- DNS ASK wa###opani.com
- DNS ASK po###ybaru.com
- DNS ASK cy####jyvidiwi.com
- DNS ASK pi####zocyluz.com
- DNS ASK hi###umala.com
- DNS ASK ro####zanasi.com
- DNS ASK he###ixiru.com
- DNS ASK ly####wotucoh.com
- DNS ASK ci####rijugeg.com
- DNS ASK zy####wodojyx.com
- DNS ASK wy###ediwo.com
- DNS ASK ra####bareme.com
- DNS ASK gi####powaqa.com
- DNS ASK le###ehup.com
- ClassName: 'msascui_class' WindowName: ''
- ClassName: 'Indicator' WindowName: ''
  (Note: these are top-level window class names, so the sample appears to enumerate windows by class. 'msascui_class' is the class used by the Microsoft Security Essentials / Windows Defender user-interface process (MSASCui.exe); 'Indicator' appears to be the keyboard-layout indicator window. Whether the sample only looks for these windows or also hides or closes them is not stated in this excerpt — confirm against the original report's section heading.)