Technical Information
- [<HKLM>\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] 'helperTumucumaque' = '%PROGRAM_FILES%\firefox\uninstall\tumucumaquehelper.exe'
- [<HKLM>\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServices] 'SystemWindows' = '%PROGRAM_FILES%\internet explorer\iedwwindows.exe'
- [<HKLM>\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] 'FrameworkMicrosoft' = '%PROGRAM_FILES%\internet explorer\mui\0409\frameworkmicrosoft.exe'
- [<HKLM>\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] '<Virus name>' = '<Full path to virus>'
- [<HKLM>\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServices] '<Virus name>' = '<Full path to virus>'
- <Auxiliary element>
- %PROGRAM_FILES%\FireFox\uninstall\Tumucumaquehelper.exe
- %PROGRAM_FILES%\Internet Explorer\MUI\0409\FrameworkMicrosoft.exe
- %PROGRAM_FILES%\Internet Explorer\iedwWindows.exe
- 'localhost':1039
- DNS ASK google.com
- DNS ASK ya##o.com
- DNS ASK ht#####bhistorysite.us
- DNS ASK 13#######3.web-testkeyboard.eu
- DNS ASK 13#######9.web-testkeyboard.eu