%HOMEPATH%\Local Settings\Temporary Internet Files\Content.IE5\0D6B6PI5\file2[1].exe
C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\23CHAXSZ\desktop.ini
C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\0YZLJ20S\desktop.ini
Sets the 'hidden' attribute to the following files:
C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\0YZLJ20S\desktop.ini
<Drive name for removable media>:\RECYCLER\S-5-3-42-2819952290-8240758988-879315005-3665\jwgkvsq.vmx
<Drive name for removable media>:\autorun.inf
C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\23CHAXSZ\desktop.ini
<SYSTEM32>\kvzgmyr.dll
C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\IJBU4WF7\desktop.ini
C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\TUSE347B\desktop.ini
Deletes the following files:
<SYSTEM32>\01.tmp
Network activity:
Connects to:
'wpad.localdomain':80
'<Private IP address>':139
'<Private IP address>':2370
'www.wh###smyip.org':80
'ch####p.dyndns.org':80
'www.ge##yip.org':80
'localhost':1040
'8s##ing.ru':80
'localhost':1038
'localhost':1047
'www.wh#####ipaddress.com':80
'<Private IP address>':445
TCP:
HTTP GET requests:
www.ge##yip.org/
ch####p.dyndns.org/
www.wh###smyip.org/
wpad.localdomain/wpad.dat
8s##ing.ru/file1.exe
8s##ing.ru/file2.exe
www.wh#####ipaddress.com/
UDP:
DNS ASK www.ge##yip.org
DNS ASK ch####p.dyndns.org
DNS ASK www.wh###smyip.org
DNS ASK wpad.localdomain
DNS ASK 8s##ing.ru
DNS ASK www.wh#####ipaddress.com
'23#.#55.255.250':1900