Technical Information
- [<HKCU>\Software\Microsoft\Windows\CurrentVersion\Run] '1635FD1316307D85' = 'C:\InstDrv\InstDrv.exe'
- C:\InstDrv\InstDrv.exe
- %APPDATA%\build.exe
- <SYSTEM32>\rundll32.exe <SYSTEM32>\shimgvw.dll,ImageView_Fullscreen "%TEMP%\DSC0007.jpg"
- <SYSTEM32>\alg.exe
- <SYSTEM32>\ctfmon.exe
- <SYSTEM32>\wbem\wmiprvse.exe
- <SYSTEM32>\dwwin.exe
- <SYSTEM32>\cscript.exe
- <SYSTEM32>\winlogon.exe
- %WINDIR%\Explorer.EXE
- <SYSTEM32>\lsass.exe
- <SYSTEM32>\spoolsv.exe
- <SYSTEM32>\svchost.exe
- [<HKCU>\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3] '1409' = '00000003'
- [<HKCU>\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3] '1609' = '00000000'
- [<HKCU>\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\2] '1609' = '00000000'
- [<HKCU>\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\2] '1406' = '00000000'
- [<HKCU>\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\4] '1609' = '00000000'
- [<HKCU>\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\4] '1406' = '00000000'
- [<HKCU>\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3] '1406' = '00000000'
- [<HKCU>\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\4] '1409' = '00000003'
- [<HKCU>\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\2] '1409' = '00000003'
- [<HKCU>\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\0] '1409' = '00000003'
- [<HKCU>\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\0] '1609' = '00000000'
- [<HKCU>\Software\Microsoft\Windows\CurrentVersion\Internet Settings] 'WarnOnPost' = ''
- [<HKCU>\Software\Microsoft\Windows\CurrentVersion\Internet Settings] 'WarnOnPostRedirect' = '00000000'
- [<HKCU>\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\1] '1609' = '00000000'
- [<HKCU>\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\1] '1406' = '00000000'
- [<HKCU>\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\0] '1406' = '00000000'
- [<HKCU>\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\1] '1409' = '00000003'
- C:\InstDrv\InstDrv.exe
- C:\InstDrv\config.bin
- %TEMP%\DSC0007.jpg
- %APPDATA%\build.exe
- %HOMEPATH%\Local Settings\Temporary Internet Files\Content.IE5\69I9OPW5\DSC0007[1].jpg
- %APPDATA%\build.exe
- 'localhost':1192
- 'localhost':1198
- 'localhost':1191
- 'localhost':1185
- 'localhost':1186
- 'localhost':1209
- 'localhost':1211
- 'localhost':1204
- 'localhost':1197
- 'localhost':1203
- 'localhost':1180
- 'localhost':1161
- 'localhost':1163
- 'localhost':1157
- 'localhost':1151
- 'localhost':1155
- 'localhost':1173
- 'localhost':1179
- 'localhost':1174
- 'localhost':1167
- 'localhost':1169
- 'localhost':1215
- 'localhost':1260
- 'localhost':1263
- 'localhost':1257
- 'localhost':1251
- 'localhost':1254
- 'localhost':1275
- 'localhost':1277
- 'localhost':1272
- 'localhost':1266
- 'localhost':1269
- 'localhost':1247
- 'localhost':1227
- 'localhost':1228
- 'localhost':1223
- 'localhost':1217
- 'localhost':1221
- 'localhost':1241
- 'localhost':1245
- 'localhost':1239
- 'localhost':1233
- 'localhost':1235
- 'localhost':1065
- 'localhost':1066
- 'localhost':1062
- 'localhost':1055
- 'localhost':1059
- 'localhost':1078
- 'localhost':1083
- 'localhost':1077
- 'localhost':1071
- 'localhost':1073
- 'localhost':1053
- 'localhost':1040
- 'localhost':1041
- '91.##3.82.20':443
- 'localhost':1037
- 'ne#####inregistrars.com':80
- 'localhost':1046
- '91.##3.82.20':80
- 'localhost':1047
- '91.##3.82.20':7008
- '91.##3.82.20':7009
- 'localhost':1085
- 'localhost':1131
- 'localhost':1134
- 'localhost':1128
- 'localhost':1122
- 'localhost':1125
- 'localhost':1146
- 'localhost':1149
- 'localhost':1143
- 'localhost':1137
- 'localhost':1140
- 'localhost':1119
- 'localhost':1096
- 'localhost':1101
- 'localhost':1095
- 'localhost':1090
- 'localhost':1089
- 'localhost':1113
- 'localhost':1116
- 'localhost':1110
- 'localhost':1104
- 'localhost':1107
- 91.##3.82.20/account/gate.php?gu####################################################################################################################################################################################
- ne#####inregistrars.com/img/DSC0007.jpg
- DNS ASK ne#####inregistrars.com
- ClassName: 'Indicator' WindowName: ''
- ClassName: 'Shell_TrayWnd' WindowName: ''
- ClassName: 'ShImgVw:CPreviewWnd' WindowName: ''