Technical Information
- [<HKLM>\SOFTWARE\Clients\StartMenuInternet\IEXPLORE.EXE\shell\open\command] '' = '"<LS_APPDATA>\unq.exe" -a "%PROGRAM_FILES%\Internet Explorer\iexplore.exe"'
- [<HKCU>\Software\Microsoft\Windows\CurrentVersion\Run] '730345302' = '<LS_APPDATA>\unq.exe'
- [<HKCU>\Software\Microsoft\Windows\CurrentVersion\Run] 'ctfmon.exe' = '<SYSTEM32>\ctfmon.exe'
- [<HKLM>\SYSTEM\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile] 'EnableFirewall' = '00000000'
- [<HKLM>\SYSTEM\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile] 'DoNotAllowExceptions' = '00000000'
- [<HKLM>\SYSTEM\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile] 'DisableNotifications' = '00000001'
- [<HKLM>\SYSTEM\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile] 'EnableFirewall' = '00000000'
- [<HKLM>\SYSTEM\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile] 'DoNotAllowExceptions' = '00000000'
- [<HKLM>\SYSTEM\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile] 'DisableNotifications' = '00000001'
- Windows Security Center
- <LS_APPDATA>\unq.exe -gav <Full path to virus>
- chrome.exe
- opera.exe
- iexplore.exe
- firefox.exe
- [<HKCU>\Software\BPFTP\Bullet Proof FTP\Options]
- [<HKCU>\Software\BulletProof Software\BulletProof FTP Client\Options]
- [<HKCU>\Software\BulletProof Software\BulletProof FTP Client\Main]
- [<HKLM>\Software\FlashFXP]
- [<HKCU>\Software\BPFTP\Bullet Proof FTP\Main]
- [<HKCU>\Software\BPFTP]
- [<HKCU>\Software\South River Technologies\WebDrive\Connections]
- [<HKLM>\Software\South River Technologies\WebDrive\Connections]
- [<HKCU>\Software\FTPWare\COREFTP\Sites]
- [<HKCU>\Software\Sota\FFFTP\Options]
- [<HKCU>\Software\CoffeeCup Software\Internet\Profiles]
- [<HKCU>\Software\Far2\SavedDialogHistory\FTPHost]
- [<HKCU>\Software\Ghisler\Windows Commander]
- [<HKCU>\Software\Far\SavedDialogHistory\FTPHost]
- [<HKCU>\Software\Far\Plugins\FTP\Hosts]
- [<HKCU>\Software\Far2\Plugins\FTP\Hosts]
- [<HKCU>\Software\Ghisler\Total Commander]
- [<HKCU>\Software\FlashFXP]
- [<HKLM>\Software\FlashFXP\3]
- [<HKCU>\Software\FlashFXP\3]
- [<HKLM>\Software\Ghisler\Windows Commander]
- [<HKLM>\Software\Ghisler\Total Commander]
- <LS_APPDATA>\fpwt.exe
- %ALLUSERSPROFILE%\Application Data\iwgo.exe
- %HOMEPATH%\Templates\hnqc.exe
- %ALLUSERSPROFILE%\Application Data\nctg.exe
- %TEMP%\xamo.exe
- %TEMP%\haqr.exe
- %TEMP%\2g0006c54o6d7wc162go103v0d5g6x17g4g5o0t
- %HOMEPATH%\Templates\2g0006c54o6d7wc162go103v0d5g6x17g4g5o0t
- %ALLUSERSPROFILE%\Application Data\2g0006c54o6d7wc162go103v0d5g6x17g4g5o0t
- %HOMEPATH%\Templates\lcbs.exe
- <LS_APPDATA>\2g0006c54o6d7wc162go103v0d5g6x17g4g5o0t
- <LS_APPDATA>\lmig.exe
- %ALLUSERSPROFILE%\Application Data\tkil.exe
- %TEMP%\dcxg.exe
- <LS_APPDATA>\pxhg.exe
- %TEMP%\ajb1.tmp
- <LS_APPDATA>\unq.exe
- %HOMEPATH%\Templates\cthp.exe
- %TEMP%\vcxe.exe
- %HOMEPATH%\Templates\lgqo.exe
- %TEMP%\ajb2.tmp
- <LS_APPDATA>\urqb.exe
- %ALLUSERSPROFILE%\Application Data\wdov.exe
- %TEMP%\ajb2.tmp
- %TEMP%\ajb1.tmp
- 'le###ehup.com':80
- 'qo###ifelaw.com':80
- 'xi####xegybozi.com':80
- 'su###ebaq.com':80
- 'bi####qojivu.com':80
- 'mo####xazyby.com':80
- 'sy####lurypugi.com':80
- 'pe###ehywe.com':80
- 'le####jezociw.com':80
- 'pi####xuwisin.com':80
- 'ra####bareme.com':80
- 'he###ixiru.com':80
- 'ba####naxepo.com':80
- 'ho####mitajy.com':80
- 'he###yheduf.com':80
- 'ci####rijugeg.com':80
- 'pa####kavygaj.com':80
- 'ci####cuqekexo.com':80
- 'wi###ypihag.com':80
- 'wa####qohuli.com':80
- 'su###evebat.com':80
- 'te####ter-th4j.com':80
- 'gi###eceta.com':80
- 'jy####fyhulora.com':80
- 'si####qilugoq.com':80
- 'le####vasezo.com':80
- 'fo####wupode.com':80
- 'zy####wodojyx.com':80
- 'ti###uqel.com':80
- 'xu###acaqy.com':80
- 'za####tahuryp.com':80
- te####ter-th4j.com/setup.exe
- su###evebat.com/
- DNS ASK xi####xegybozi.com
- DNS ASK qo###ifelaw.com
- DNS ASK ba####naxepo.com
- DNS ASK pe###ehywe.com
- DNS ASK sy####lurypugi.com
- DNS ASK mo####xazyby.com
- DNS ASK le###ehup.com
- DNS ASK su###ebaq.com
- DNS ASK ra####bareme.com
- DNS ASK pi####xuwisin.com
- DNS ASK wy####facysyd.com
- DNS ASK fe####holubaro.com
- DNS ASK he###yheduf.com
- DNS ASK ho####mitajy.com
- DNS ASK le####jezociw.com
- DNS ASK he###ixiru.com
- DNS ASK bi####qojivu.com
- DNS ASK pa####kavygaj.com
- DNS ASK wi###ypihag.com
- DNS ASK jy####fyhulora.com
- DNS ASK ci####cuqekexo.com
- DNS ASK te####ter-th4j.com
- DNS ASK su###evebat.com
- DNS ASK wa####qohuli.com
- DNS ASK gi###eceta.com
- DNS ASK le####vasezo.com
- DNS ASK si####qilugoq.com
- DNS ASK ci####rijugeg.com
- DNS ASK fo####wupode.com
- DNS ASK xu###acaqy.com
- DNS ASK ti###uqel.com
- DNS ASK zy####wodojyx.com
- DNS ASK za####tahuryp.com
- ClassName: 'msascui_class' WindowName: ''
- ClassName: 'Indicator' WindowName: ''