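Technical Information
Note: the sub-headings that would separate the groups below appear to be missing from this copy. In order, the entries are registry keys (instant-messenger client locations), file paths, one DNS query, two window class names, and executed command lines; whether each registry key or file was read, created or modified is not stated here. The Content.IE5 entries carry the names of Internet Explorer's built-in error-page resources under randomly named cache folders, so those paths are weak indicators compared with the %TEMP% executables and text files.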
- [<HKLM>\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\Trillian]
- [<HKLM>\Software\Wow6432Node\Miranda]
- [<HKCU>\Software\Microsoft\MSNMessenger]
- [<HKCU>\Software\Microsoft\IdentityCRL]
- [<HKCU>\Software\America Online\AOL Instant Messenger (TM)\CurrentVersion\Users]
- [<HKCU>\Software\America Online\AIM6\Passwords]
- [<HKCU>\Software\AIM\AIMPRO]
- [<HKCU>\Software\Yahoo\Pager]
- [<HKLM>\Software\Wow6432Node\Mirabilis\ICQ\NewOwners]
- [<HKCU>\Software\Mirabilis\ICQ\NewOwners]
- [<HKCU>\Software\Google\Google Talk\Accounts]
- [<HKCU>\Software\Paltalk]
- %TEMP%\webbrowserpassview.exe
- %LOCALAPPDATA%\microsoft\windows\<INETFILES>\content.ie5\0u8lpyu9\down[1]
- %LOCALAPPDATA%\microsoft\windows\<INETFILES>\content.ie5\caasbycl\errorpagetemplate[2]
- %LOCALAPPDATA%\microsoft\windows\<INETFILES>\content.ie5\0u8lpyu9\background_gradient[1]
- %LOCALAPPDATA%\microsoft\windows\<INETFILES>\content.ie5\caasbycl\info_48[1]
- %LOCALAPPDATA%\microsoft\windows\<INETFILES>\content.ie5\bzjx5bke\bullet[2]
- %LOCALAPPDATA%\microsoft\windows\<INETFILES>\content.ie5\bzjx5bke\down[1]
- %LOCALAPPDATA%\microsoft\windows\<INETFILES>\content.ie5\bzjx5bke\info_48[2]
- %LOCALAPPDATA%\microsoft\windows\<INETFILES>\content.ie5\bzjx5bke\bullet[1]
- %LOCALAPPDATA%\microsoft\windows\<INETFILES>\content.ie5\caasbycl\errorpagestrings[2]
- %LOCALAPPDATA%\microsoft\windows\<INETFILES>\content.ie5\bzjx5bke\down[2]
- %LOCALAPPDATA%\microsoft\windows\history\history.ie5\mshist012020061620200617\index.dat
- %LOCALAPPDATA%\microsoft\windows\<INETFILES>\content.ie5\bzjx5bke\navcancl[1]
- %LOCALAPPDATA%\microsoft\windows\<INETFILES>\content.ie5\bzjx5bke\navcancl[2]
- %LOCALAPPDATA%\microsoft\windows\<INETFILES>\content.ie5\caasbycl\httperrorpagesscripts[2]
- %LOCALAPPDATA%\microsoft\windows\<INETFILES>\content.ie5\caasbycl\background_gradient[2]
- %LOCALAPPDATA%\microsoft\windows\<INETFILES>\content.ie5\0u8lpyu9\info_48[1]
- %LOCALAPPDATA%\microsoft\windows\<INETFILES>\content.ie5\caasbycl\bullet[1]
- %LOCALAPPDATA%\microsoft\windows\<INETFILES>\content.ie5\caasbycl\background_gradient[1]
- %LOCALAPPDATA%\microsoft\windows\<INETFILES>\content.ie5\0u8lpyu9\httperrorpagesscripts[1]
- %LOCALAPPDATA%\microsoft\windows\<INETFILES>\content.ie5\bzjx5bke\errorpagestrings[1]
- %TEMP%\tre.txt
- %TEMP%\mspass.exe
- %TEMP%\m.txt
- %TEMP%\produkey.exe
- %TEMP%\produkey.txt
- %TEMP%\pk.txt
- %LOCALAPPDATA%\microsoft\windows\<INETFILES>\content.ie5\bzjx5bke\dnserrordiagoff_weboc[1]
- %TEMP%\opera.txt
- %LOCALAPPDATA%\microsoft\windows\<INETFILES>\content.ie5\re1n75kr\dnserrordiagoff_weboc[1]
- %LOCALAPPDATA%\microsoft\windows\<INETFILES>\content.ie5\0u8lpyu9\errorpagestrings[1]
- %LOCALAPPDATA%\microsoft\windows\<INETFILES>\content.ie5\caasbycl\httperrorpagesscripts[1]
- %LOCALAPPDATA%\microsoft\windows\<INETFILES>\content.ie5\bzjx5bke\background_gradient[2]
- %LOCALAPPDATA%\microsoft\windows\<INETFILES>\content.ie5\bzjx5bke\info_48[1]
- %LOCALAPPDATA%\microsoft\windows\<INETFILES>\content.ie5\0u8lpyu9\bullet[1]
- %LOCALAPPDATA%\microsoft\windows\<INETFILES>\content.ie5\caasbycl\down[2]
- %LOCALAPPDATA%\microsoft\windows\<INETFILES>\content.ie5\caasbycl\errorpagetemplate[1]
- %LOCALAPPDATA%\microsoft\windows\<INETFILES>\content.ie5\bzjx5bke\errorpagetemplate[1]
- %LOCALAPPDATA%\microsoft\windows\<INETFILES>\content.ie5\caasbycl\info_48[2]
- %LOCALAPPDATA%\microsoft\windows\<INETFILES>\content.ie5\caasbycl\bullet[2]
- %LOCALAPPDATA%\microsoft\windows\<INETFILES>\content.ie5\bzjx5bke\dnserrordiagoff_weboc[1]
- %LOCALAPPDATA%\microsoft\windows\<INETFILES>\content.ie5\caasbycl\httperrorpagesscripts[2]
- %LOCALAPPDATA%\microsoft\windows\<INETFILES>\content.ie5\caasbycl\bullet[1]
- %LOCALAPPDATA%\microsoft\windows\<INETFILES>\content.ie5\0u8lpyu9\info_48[1]
- %LOCALAPPDATA%\microsoft\windows\<INETFILES>\content.ie5\caasbycl\errorpagestrings[2]
- %LOCALAPPDATA%\microsoft\windows\<INETFILES>\content.ie5\bzjx5bke\navcancl[2]
- %LOCALAPPDATA%\microsoft\windows\<INETFILES>\content.ie5\bzjx5bke\navcancl[1]
- %LOCALAPPDATA%\microsoft\windows\<INETFILES>\content.ie5\bzjx5bke\down[1]
- %LOCALAPPDATA%\microsoft\windows\<INETFILES>\content.ie5\bzjx5bke\bullet[2]
- %LOCALAPPDATA%\microsoft\windows\<INETFILES>\content.ie5\caasbycl\info_48[1]
- %LOCALAPPDATA%\microsoft\windows\<INETFILES>\content.ie5\0u8lpyu9\background_gradient[1]
- %LOCALAPPDATA%\microsoft\windows\<INETFILES>\content.ie5\caasbycl\errorpagetemplate[2]
- %LOCALAPPDATA%\microsoft\windows\<INETFILES>\content.ie5\0u8lpyu9\down[1]
- %LOCALAPPDATA%\microsoft\windows\<INETFILES>\content.ie5\caasbycl\background_gradient[2]
- %LOCALAPPDATA%\microsoft\windows\<INETFILES>\content.ie5\bzjx5bke\bullet[1]
- %LOCALAPPDATA%\microsoft\windows\<INETFILES>\content.ie5\caasbycl\background_gradient[1]
- %LOCALAPPDATA%\microsoft\windows\<INETFILES>\content.ie5\0u8lpyu9\httperrorpagesscripts[1]
- %LOCALAPPDATA%\microsoft\windows\<INETFILES>\content.ie5\bzjx5bke\errorpagestrings[1]
- %LOCALAPPDATA%\microsoft\windows\<INETFILES>\content.ie5\caasbycl\errorpagetemplate[1]
- %LOCALAPPDATA%\microsoft\windows\<INETFILES>\content.ie5\caasbycl\down[2]
- %LOCALAPPDATA%\microsoft\windows\<INETFILES>\content.ie5\0u8lpyu9\bullet[1]
- %LOCALAPPDATA%\microsoft\windows\<INETFILES>\content.ie5\bzjx5bke\info_48[1]
- %LOCALAPPDATA%\microsoft\windows\<INETFILES>\content.ie5\bzjx5bke\background_gradient[2]
- %LOCALAPPDATA%\microsoft\windows\<INETFILES>\content.ie5\caasbycl\httperrorpagesscripts[1]
- %LOCALAPPDATA%\microsoft\windows\<INETFILES>\content.ie5\0u8lpyu9\errorpagestrings[1]
- %LOCALAPPDATA%\microsoft\windows\<INETFILES>\content.ie5\bzjx5bke\errorpagetemplate[1]
- %LOCALAPPDATA%\microsoft\windows\<INETFILES>\content.ie5\re1n75kr\dnserrordiagoff_weboc[1]
- %LOCALAPPDATA%\microsoft\windows\<INETFILES>\content.ie5\bzjx5bke\info_48[2]
- %LOCALAPPDATA%\microsoft\windows\<INETFILES>\content.ie5\caasbycl\info_48[2]
- %LOCALAPPDATA%\microsoft\windows\<INETFILES>\content.ie5\bzjx5bke\dnserrordiagoff_weboc[1]
- %LOCALAPPDATA%\microsoft\windows\<INETFILES>\content.ie5\0u8lpyu9\background_gradient[1]
- %LOCALAPPDATA%\microsoft\windows\<INETFILES>\content.ie5\bzjx5bke\bullet[1]
- %LOCALAPPDATA%\microsoft\windows\<INETFILES>\content.ie5\caasbycl\info_48[1]
- %LOCALAPPDATA%\microsoft\windows\<INETFILES>\content.ie5\0u8lpyu9\httperrorpagesscripts[1]
- %LOCALAPPDATA%\microsoft\windows\<INETFILES>\content.ie5\bzjx5bke\errorpagestrings[1]
- %LOCALAPPDATA%\microsoft\windows\<INETFILES>\content.ie5\caasbycl\errorpagetemplate[1]
- %LOCALAPPDATA%\microsoft\windows\<INETFILES>\content.ie5\0u8lpyu9\bullet[1]
- %LOCALAPPDATA%\microsoft\windows\<INETFILES>\content.ie5\bzjx5bke\info_48[1]
- %LOCALAPPDATA%\microsoft\windows\<INETFILES>\content.ie5\caasbycl\background_gradient[1]
- %LOCALAPPDATA%\microsoft\windows\<INETFILES>\content.ie5\0u8lpyu9\errorpagestrings[1]
- %LOCALAPPDATA%\microsoft\windows\<INETFILES>\content.ie5\bzjx5bke\errorpagetemplate[1]
- %LOCALAPPDATA%\microsoft\windows\<INETFILES>\content.ie5\bzjx5bke\navcancl[2]
- %LOCALAPPDATA%\microsoft\windows\<INETFILES>\content.ie5\bzjx5bke\navcancl[1]
- %LOCALAPPDATA%\Microsoft\Windows\<INETFILES>\Content.IE5\BZJX5BKE\background_gradient[1]
- %LOCALAPPDATA%\microsoft\windows\<INETFILES>\content.ie5\caasbycl\httperrorpagesscripts[1]
- %LOCALAPPDATA%\Microsoft\Windows\<INETFILES>\Content.IE5\0U8LPYU9\ErrorPageTemplate[1]
- %LOCALAPPDATA%\Microsoft\Windows\<INETFILES>\Content.IE5\BZJX5BKE\httpErrorPagesScripts[1]
- %LOCALAPPDATA%\Microsoft\Windows\<INETFILES>\Content.IE5\CAASBYCL\errorPageStrings[1]
- %LOCALAPPDATA%\microsoft\windows\<INETFILES>\content.ie5\re1n75kr\dnserrordiagoff_weboc[1]
- %LOCALAPPDATA%\microsoft\windows\<INETFILES>\content.ie5\caasbycl\bullet[1]
- %LOCALAPPDATA%\microsoft\windows\<INETFILES>\content.ie5\0u8lpyu9\info_48[1]
- DNS ASK sa####-hosting.eu
- ClassName: 'MS_AutodialMonitor' WindowName: ''
- ClassName: 'MS_WebCheckMonitor' WindowName: ''
- '%TEMP%\webbrowserpassview.exe' /stext %TEMP%\Opera.txt
- '%TEMP%\mspass.exe' /stext %TEMP%\MS.txt
- '%TEMP%\produkey.exe' /stext %TEMP%\ProduKey.txt
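- '%TEMP%\webbrowserpassview.exe' /stext %TEMP%\Opera.txt (with hidden window)
- '%TEMP%\mspass.exe' /stext %TEMP%\MS.txt (with hidden window)
- '%TEMP%\produkey.exe' /stext %TEMP%\ProduKey.txt (with hidden window)
Note: the three executable names match NirSoft's WebBrowserPassView, MessenPass (mspass.exe) and ProduKey, and /stext is those tools' switch for saving results to a text file. Process-creation telemetry showing an executable in %TEMP% started with /stext and no visible window is a practical detection point.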