Technical Information
- [<HKCU>\Software\Microsoft\Windows\CurrentVersion\Run] 'Windows Server Control' = '%APPDATA%\srvCF5.exe'
- %APPDATA%\srvCF5.exe
- %TEMP%\32C8F.dmp
- <LS_APPDATA>\Microsoft_Corporation\srvCF5.exe_Url_jxucnuvtbhsk0sjnnykoewk3h3z11tog\5.2.1.0\rrjsnatb.newcfg
- %TEMP%\35034.dmp
- %TEMP%\dw.log
- <LS_APPDATA>\Microsoft_Corporation\<Virus name>.exe_Url_5vip3zsouy0qjbouikhpi22faaoirvqu\5.2.1.0\kn04qm1q.newcfg
- %APPDATA%\srvCF5.exe
- from <LS_APPDATA>\Microsoft_Corporation\srvCF5.exe_Url_jxucnuvtbhsk0sjnnykoewk3h3z11tog\5.2.1.0\rrjsnatb.newcfg to <LS_APPDATA>\Microsoft_Corporation\srvCF5.exe_Url_jxucnuvtbhsk0sjnnykoewk3h3z11tog\5.2.1.0\user.config
- from <LS_APPDATA>\Microsoft_Corporation\<Virus name>.exe_Url_5vip3zsouy0qjbouikhpi22faaoirvqu\5.2.1.0\kn04qm1q.newcfg to <LS_APPDATA>\Microsoft_Corporation\<Virus name>.exe_Url_5vip3zsouy0qjbouikhpi22faaoirvqu\5.2.1.0\user.config
- 'nv###.capfire4.com':80
- 'wp#d':80
- wp#d/wpad.dat
- nv###.capfire4.com/
- DNS ASK nv###.capfire4.com
- DNS ASK wp#d
- ClassName: 'Shell_TrayWnd' WindowName: ''
- ClassName: 'Indicator' WindowName: ''