Technical Information
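- Registry value: [<HKLM>\SOFTWARE\Classes\FileOpenerPro\shell\open\command] '' (the key's default value) = '"%PROGRAM_FILES%\FileOpenerPro\FileOpenerPro.exe" "%1"'. This registers FileOpenerPro.exe as the "open" command for the FileOpenerPro file class.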
- %PROGRAM_FILES%\FileOpenerPro\uninstall.exe
- %TEMP%\install.log
- <LS_APPDATA>\ApplicationHistory\<Virus name>.exe.39a980f1.ini
- %PROGRAM_FILES%\FileOpenerPro\settings.txt
- %PROGRAM_FILES%\FileOpenerPro\FileOpenerPro.exe
- %PROGRAM_FILES%\FileOpenerPro\AxSHDocVw.dll
- %PROGRAM_FILES%\FileOpenerPro\SHDocVw.dll
- %WINDIR%\Microsoft.NET\Framework\v1.1.4322\CONFIG\enterprisesec.config.cch.2808.187296
- %WINDIR%\Microsoft.NET\Framework\v1.1.4322\CONFIG\security.config.cch.2808.187250
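- from %WINDIR%\Microsoft.NET\Framework\v1.1.4322\CONFIG\enterprisesec.config.cch to %WINDIR%\Microsoft.NET\Framework\v1.1.4322\CONFIG\enterprisesec.config.cch.2808.187296
- from %WINDIR%\Microsoft.NET\Framework\v1.1.4322\CONFIG\security.config.cch to %WINDIR%\Microsoft.NET\Framework\v1.1.4322\CONFIG\security.config.cch.2808.187250
  (Each "from … to …" entry gives a source path followed by a destination path. The .cch files are .NET Framework 1.1 security policy cache files; the numeric suffixes look like per-run values, so match on the path prefix rather than the full name. These paths are likely not specific to this sample.)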
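- Network endpoint contacted: 'im##############y-1085035873.us-east-1.elb.amazonaws.com':80
- HTTP request: im##############y-1085035873.us-east-1.elb.amazonaws.com/impression.do/?ev########################################################
- DNS query: im##############y-1085035873.us-east-1.elb.amazonaws.com
  (The '#' runs appear to be masking applied by the source, so the host name and URL shown here are partial and cannot be used as exact-match indicators.)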