Technical Information
- [<HKLM>\SYSTEM\ControlSet001\Control\Print\Providers\sst] 'Name' = '<SYSTEM32>\spool\PRTPROCS\W32X86\sst1.tmp'
- [<HKLM>\SYSTEM\ControlSet001\Services\sst2] 'imagepath' = 'globalroot<DRIVERS>\sst2.sys'
- [<HKLM>\SYSTEM\ControlSet001\Services\Spooler] 'Start' = '00000002'
- <SYSTEM32>\spoolsv.exe
- <SYSTEM32>\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\6YQRA29M\main[1].php
- <DRIVERS>\sst2.sys
- <SYSTEM32>\spool\prtprocs\w32x86\sst1.tmp
- <DRIVERS>\sst2.sys
- from <Full path to virus> to %TEMP%\clb3E8.tmp
- 'se#####indcalculate.org':80
- se#####indcalculate.org/cat/main.php?af####################
- DNS ASK se#####indcalculate.org
- '<Private IP address>':1035