Technical Information
- Autorun registry value (per-user Run key): [<HKCU>\Software\Microsoft\Windows\CurrentVersion\Run] 'networkfx.exe' = 'C:\ProgramData\WindowsNetwork\networkfx.exe'
- %TEMP%\dw.log
- %TEMP%\val.exe
- %HOMEPATH%\Local Settings\<INETFILES>\Content.IE5\KHMHGZ4F\uefguioejgoiejr9g8e8rgj9e8rjge098rjg[1]
- %TEMP%\3E0AD.dmp
- %TEMP%\aut3.tmp
- %TEMP%\winnetwork.exe
- %TEMP%\aut1.tmp
- %TEMP%\netwind.exe
- %TEMP%\aut2.tmp
- %TEMP%\aut3.tmp
- %TEMP%\aut2.tmp
- %TEMP%\aut1.tmp
- 'ue#########iejr9g8e8rgj9e8rjge098rjg.ru':80
- 'ip###ger.com':443
- 'localhost':1036
- http://ue#########iejr9g8e8rgj9e8rjge098rjg.ru/
- DNS ASK ue#########iejr9g8e8rgj9e8rjge098rjg.ru
- DNS ASK ip###ger.com
- ClassName: 'MS_WebcheckMonitor' WindowName: ''
- ClassName: 'MS_AutodialMonitor' WindowName: ''
- '%TEMP%\val.exe'
- '%TEMP%\netwind.exe'
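- '<SYSTEM32>\cmd.exe' schtasks /create /tn Workserver /tr C: \ProgramData\WindowsNetwork\networkfix.exe /sc onstart
  (Creates a scheduled task named "Workserver" that runs at system start. As recorded, the task target is networkfix.exe, while the Run value listed at the top of this section points to networkfx.exe in the same folder, and the path is written with a space after "C:". When hunting for this persistence, check for both file names rather than assuming one is a typo.)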
- '%CommonProgramFiles%\Microsoft Shared\DW\DW20.EXE' -x -s 336