Technical Information
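Files in %TEMP% named by the report (this list has no heading on the page; every path in it reappears as a destination in the "from … to …" entries further down):
- %TEMP%\15.tmp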
- %TEMP%\13.tmp
- %TEMP%\11.tmp
- %TEMP%\1B.tmp
- %TEMP%\19.tmp
- %TEMP%\17.tmp
- %TEMP%\F.tmp
- %TEMP%\7.tmp
- %TEMP%\5.tmp
- %TEMP%\3.tmp
- %TEMP%\D.tmp
- %TEMP%\B.tmp
- %TEMP%\9.tmp
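File operations, written as "from source to destination" (the page does not state whether each entry is a move or a copy):
- from <SYSTEM32>\migpwd.exe to %TEMP%\15.tmp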
- from <SYSTEM32>\dbnmpntw.dll to %TEMP%\13.tmp
- from <SYSTEM32>\jgsh400.dll to %TEMP%\11.tmp
- from <SYSTEM32>\WindowsCodecsExt.dll to %TEMP%\1B.tmp
- from <SYSTEM32>\hticons.dll to %TEMP%\19.tmp
- from <SYSTEM32>\odbcbcp.dll to %TEMP%\17.tmp
- from <SYSTEM32>\mapi32.dll to %TEMP%\F.tmp
- from <SYSTEM32>\msvcr71.dll to %TEMP%\7.tmp
- from <SYSTEM32>\cliconfg.exe to %TEMP%\5.tmp
- from <SYSTEM32>\dbmsrpcn.dll to %TEMP%\3.tmp
- from <SYSTEM32>\jgsd400.dll to %TEMP%\D.tmp
- from <SYSTEM32>\jgdw400.dll to %TEMP%\B.tmp
- from <SYSTEM32>\hypertrm.dll to %TEMP%\9.tmp
- from <Full path to virus> to %TEMP%\1.tmp
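Network activity (the `#` characters appear to be masking applied in the report, so the addresses and the request path below are partial values and cannot be used as exact-match indicators):
- '62.##2.67.98':80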
- '20#.#6.232.182':80
- 62.##2.67.98/ieXXy04pf?Sk#########################################################################
- DNS ASK microsoft.com