Technical Information
- [<HKLM>\SYSTEM\ControlSet001\Services\DcomLaunchSys] 'ImagePath' = '<SYSTEM32>\com\svchost.exe'
- [<HKLM>\SYSTEM\ControlSet001\Services\DcomLaunchSys] 'Start' = '00000002'
- '<SYSTEM32>\svchost.exe' -k netsvcs
- <SYSTEM32>\svchost.exe
- <SYSTEM32>\Com\svchost.exe
- %ALLUSERSPROFILE%\Application Data\Mozilla\UV9FXlFbb1NfWVQPBg.bin
- from <Full path to virus> to <Full path to virus>1
- '19#.#03.48.41':700
- '91.##7.60.68':80
- '19#.#03.48.23':700
- ClassName: 'Shell_TrayWnd' WindowName: ''