Technical Information
- [<HKLM>\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] 'dnsvs' = '"<SYSTEM32>\dnsvs.exe" +kddk.pe~e|kJhcmgcx.do~' (machine-wide Run value: dnsvs.exe is launched at every user logon)
- [<HKLM>\SYSTEM\ControlSet001\Services\r_server] 'Start' = '00000002' (service start type 2: the r_server service starts automatically at boot)
- <SYSTEM32>\ipvc.exe saw
- <SYSTEM32>\dnsvs.exe anna.zotova@bigmir.net
- <SYSTEM32>\hidcon.exe ra.bat
- <SYSTEM32>\hidcon.exe ipvc.exe saw
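- <SYSTEM32>\r_server.exe /install /silence (registers r_server.exe as a service; the raddrv.dll and AdmDll.dll files and the HKLM\SYSTEM\RAdmin key suggest this is a Radmin remote-administration server, and /silence presumably suppresses the installer's dialogs)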
- <SYSTEM32>\reg.exe add HKLM\SYSTEM\RAdmin
- <SYSTEM32>\cmd.exe /c ra.bat
- <SYSTEM32>\hidcon.exe
- <SYSTEM32>\ipvc.exe
- <SYSTEM32>\dnsvs.exe
- <SYSTEM32>\ra.bat
- <SYSTEM32>\raddrv.dll
- <SYSTEM32>\AdmDll.dll
- <SYSTEM32>\ipvc.bin
- <SYSTEM32>\r_server.exe
- <SYSTEM32>\ipvc.bin
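- '94.##0.191.201':25 (port 25 is the standard SMTP port; outbound mail traffic from a workstation that is not a mail server is a useful detection signal)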
- DNS ASK sm##.mail.ru
- '<Private IP address>':1035
- ClassName: 'Shell_TrayWnd' WindowName: '' (Shell_TrayWnd is the window class of the Windows taskbar)