Technical Information
- [<HKCU>\Software\Microsoft\Windows\CurrentVersion\Run] 'F11537D9073BEA' = '<Full path to virus>'
- C:\ProgramData\Microsoft\RAC\Temp\sqlC4F4.tmp
- C:\ProgramData\Microsoft\RAC\Temp\sqlC4D4.tmp
- <LS_APPDATA>\Microsoft\Windows\Temporary Internet Files\Content.IE5\6P5SDOMI\magao6[1].inf
- <LS_APPDATA>\miw.txt
- C:\ProgramData\Microsoft\RAC\Temp\sqlC4D4.tmp
- C:\ProgramData\Microsoft\RAC\Temp\sqlC4F4.tmp
- 'va###omarai.com':80
- 'localhost':54760
- va###omarai.com/mag/magao6.inf
- DNS ASK va###omarai.com
- ClassName: 'Indicator' WindowName: ''