Technical Information
- [<HKLM>\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServices] '<Virus name>' = '<Full path to virus>'
- [<HKLM>\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] '<Virus name>' = '<Full path to virus>'
- %HOMEPATH%\Local Settings\Temporary Internet Files\Content.IE5\KHMHGZ4F\v=78&step=2&hostid=5F5C1BC2B801AC7FFB1A22FB75A3789B[1]
- 'ge#6.us':80
- 'ne####aplesite.us':80
- 'localhost':1038
- ge#6.us/getfile.php?r=############################################################################################
- ne####aplesite.us/httpss/v=78&step=2&hostid=5F5C1BC2B801AC7FFB1A22FB75A3789B
- DNS ASK ge#6.us
- DNS ASK ne####aplesite.us
- DNS ASK google.com
- DNS ASK 13######18.pro-freeprog.net
- DNS ASK 13######21.pro-freeprog.net
- '<Private IP address>':1037
- '<Private IP address>':1036
- '<Private IP address>':1039