Technical Information
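- [<HKCU>\Software\Microsoft\Windows\CurrentVersion\Run] 'office' = '%HOMEPATH%\Local Settings\runtime.exe' (persistence: a per-user Run value named 'office', so runtime.exe starts at each logon of that user; writing under HKCU needs no administrator rights)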
- '%HOMEPATH%\Local Settings\runtime.exe'
- '%HOMEPATH%\Local Settings\X1.exe'
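- '<SYSTEM32>\rundll32.exe' %HOMEPATH%\Local Settings\wship4.tmp,EntryPoint 260 (rundll32 loads wship4.tmp as a DLL and calls its export 'EntryPoint'; rundll32 being handed a .tmp file from the user profile is a practical detection point)
- '<SYSTEM32>\rundll32.exe' <SYSTEM32>\shimgvw.dll,ImageView_Fullscreen %HOMEPATH%\Local Settings\Application Form 2.jpg (opens the dropped JPEG in the built-in Windows image viewer; this looks like a decoy shown to the user, although the page does not say so)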
- opera.exe
- %HOMEPATH%\Local Settings\wship4.tmp
- %HOMEPATH%\Recent\Application Form 2.lnk
- %HOMEPATH%\Recent\Local Settings.lnk
- %HOMEPATH%\Local Settings\X1.exe
- %HOMEPATH%\Local Settings\Application Form 2.jpg
- %HOMEPATH%\Local Settings\runtime.exe
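- 'www.do##ive.com':443
- DNS ASK www.do##ive.com ('#' is not a valid host-name character, so the '##' appears to mask part of the domain; the string as printed cannot be matched literally against DNS or proxy logs)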
- ClassName: 'ShImgVw:CPreviewWnd' WindowName: ''
- ClassName: 'Indicator' WindowName: ''
- ClassName: 'EDIT' WindowName: ''
- ClassName: 'Shell_TrayWnd' WindowName: ''