Technical Information
- Registry autorun value (per-user Run key): [<HKCU>\Software\Microsoft\Windows\CurrentVersion\Run] 'ste.exe' = '<SYSTEM32>\msload.exe'
- '%WINDIR%\2.exe'
- '%WINDIR%\1.exe'
- '%WINDIR%\2.exe' (downloaded from the Internet)
- '%WINDIR%\1.exe' (downloaded from the Internet)
- outpost.exe
- smc.exe
- MCAGENT.EXE
- NAVAPW32.EXE
- sro_client.exe
- zlclient.exe
- ZONEALARM.EXE
- ybclient.exe
- zapro.exe
- bdagent.exe
- Drwebupw.exe
- ash.exe
- AVSYNMGR.EXE
- elementclient.exe
- lotroclient.exe
- magent.exe
- fsav.exe
- GUARD.EXE
- %WINDIR%\1.exe
- %HOMEPATH%\Local Settings\Temporary Internet Files\Content.IE5\2VAZY7AN\tcpip[1].exe
- %WINDIR%\2.exe
- %HOMEPATH%\Local Settings\Temporary Internet Files\Content.IE5\KHMHGZ4F\banlist[1].php
- <SYSTEM32>\ban_list.txt
- %HOMEPATH%\Local Settings\Temporary Internet Files\Content.IE5\U98D4X8H\mssopla2[1].exe
- 'www.28######dl3943mdskl893.biz':80
- 'localhost':1037
- www.28######dl3943mdskl893.biz/1/tcpip.exe
- www.28######dl3943mdskl893.biz/1/mssopla2.exe
- www.28######dl3943mdskl893.biz/1/banlist.php
- DNS query (ASK): www.28######dl3943mdskl893.biz
- ClassName: 'Indicator' WindowName: ''