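Technical Information
(The report's subsection headings are missing from this extract, so the entries below run together without group labels.)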
- '<SYSTEM32>\srodadjh.exe' /pid=3012
- '<SYSTEM32>\dxbrsywk.exe'
- '<SYSTEM32>\cadrtrtg.exe'
- '<SYSTEM32>\qxrlzpuv.exe'
- '<SYSTEM32>\okyucbdq.exe'
- '<SYSTEM32>\pirbsijf.exe'
- '<SYSTEM32>\djbpcnsz.exe'
- '<SYSTEM32>\hrxjsnzx.exe'
- '<SYSTEM32>\ritmmfaz.exe'
- '<SYSTEM32>\qoeebvvz.exe'
- '%WINDIR%\smss.exe'
- '<SYSTEM32>\srodadjh.exe'
- '<SYSTEM32>\rainvfds.exe'
- '<SYSTEM32>\uggwjjcp.exe'
- '<SYSTEM32>\ohhdcvkx.exe'
- '<SYSTEM32>\ritmmfaz.exe' (downloaded from the Internet)
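- '%WINDIR%\smss.exe' (downloaded from the Internet) — note the location: the genuine Windows Session Manager image is <SYSTEM32>\smss.exe, so a file with this name directly under %WINDIR% is a masquerading indicator worth alerting on.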
- <SYSTEM32>\svchost.exe
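Window class names and titles of analysis tools follow (group heading missing from this extract). The titles name Sysinternals Process Monitor, Registry Monitor and File Monitor, and OLLYDBG is the OllyDbg debugger's window class; a list like this usually records windows a sample looks for to detect that it is being monitored:
- ClassName: '(null)' WindowName: 'Process Monitor - Sysinternals: www.sysinternals.com'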
- ClassName: 'PROCMON_WINDOW_CLASS' WindowName: '(null)'
- ClassName: '(null)' WindowName: 'Registry Monitor - Sysinternals: www.sysinternals.com'
- ClassName: 'RegmonClass' WindowName: '(null)'
- ClassName: '(null)' WindowName: 'File Monitor - Sysinternals: www.sysinternals.com'
- ClassName: 'GBDYLLO' WindowName: '(null)'
- ClassName: 'OLLYDBG' WindowName: '(null)'
- ClassName: 'FilemonClass' WindowName: '(null)'
- ClassName: 'pediy06' WindowName: '(null)'
- <SYSTEM32>\dxbrsywk.exe
- %HOMEPATH%\Local Settings\Temporary Internet Files\Content.IE5\U98D4X8H\cfile10.uf@14732049512864602C7E90[5].exe
- %HOMEPATH%\Local Settings\Temporary Internet Files\Content.IE5\2VAZY7AN\cfile6.uf@131C6E48512846CF29D0E3[5].dll
- <SYSTEM32>\djbpcnsz.exe
- %HOMEPATH%\Local Settings\Temporary Internet Files\Content.IE5\YPORKZYZ\cfile10.uf@14732049512864602C7E90[5].exe
- %HOMEPATH%\Local Settings\Temporary Internet Files\Content.IE5\KHMHGZ4F\cfile6.uf@131C6E48512846CF29D0E3[5].dll
- <SYSTEM32>\cadrtrtg.exe
- %HOMEPATH%\Local Settings\Temporary Internet Files\Content.IE5\U98D4X8H\cfile10.uf@14732049512864602C7E90[4].exe
- %HOMEPATH%\Local Settings\Temporary Internet Files\Content.IE5\2VAZY7AN\cfile6.uf@131C6E48512846CF29D0E3[4].dll
- <SYSTEM32>\qxrlzpuv.exe
- %HOMEPATH%\Local Settings\Temporary Internet Files\Content.IE5\YPORKZYZ\cfile10.uf@14732049512864602C7E90[4].exe
- %HOMEPATH%\Local Settings\Temporary Internet Files\Content.IE5\YPORKZYZ\cfile6.uf@131C6E48512846CF29D0E3[2].dll
- <SYSTEM32>\okyucbdq.exe
- %HOMEPATH%\Local Settings\Temporary Internet Files\Content.IE5\YPORKZYZ\cfile6.uf@131C6E48512846CF29D0E3[1].dll
- <SYSTEM32>\pirbsijf.exe
- %HOMEPATH%\Local Settings\Temporary Internet Files\Content.IE5\KHMHGZ4F\cfile10.uf@14732049512864602C7E90[2].exe
- %HOMEPATH%\Local Settings\Temporary Internet Files\Content.IE5\KHMHGZ4F\cfile10.uf@14732049512864602C7E90[1].exe
- %HOMEPATH%\Local Settings\Temporary Internet Files\Content.IE5\U98D4X8H\cfile10.uf@14732049512864602C7E90[6].exe
- %HOMEPATH%\Local Settings\Temporary Internet Files\Content.IE5\KHMHGZ4F\cfile6.uf@131C6E48512846CF29D0E3[6].dll
- <SYSTEM32>\hrxjsnzx.exe
- %HOMEPATH%\Local Settings\Temporary Internet Files\Content.IE5\2VAZY7AN\cfile6.uf@131C6E48512846CF29D0E3[6].dll
- %HOMEPATH%\Local Settings\Temporary Internet Files\Content.IE5\2VAZY7AN\cfile6.uf@131C6E48512846CF29D0E3[7].dll
- %HOMEPATH%\Local Settings\Temporary Internet Files\Content.IE5\YPORKZYZ\cfile10.uf@14732049512864602C7E90[1].exe
- %HOMEPATH%\Local Settings\Temporary Internet Files\Content.IE5\2VAZY7AN\cfile6.uf@131C6E48512846CF29D0E3[1].dll
- <SYSTEM32>\ritmmfaz.exe
- %HOMEPATH%\Local Settings\Temporary Internet Files\Content.IE5\U98D4X8H\cfile10.uf@14732049512864602C7E90[2].exe
- %HOMEPATH%\Local Settings\Temporary Internet Files\Content.IE5\KHMHGZ4F\cfile6.uf@131C6E48512846CF29D0E3[2].dll
- <SYSTEM32>\qoeebvvz.exe
- %HOMEPATH%\Local Settings\Temporary Internet Files\Content.IE5\KHMHGZ4F\cfile6.uf@131C6E48512846CF29D0E3[1].dll
- %WINDIR%\DGSpy.dll
- %WINDIR%\smss.exe
- %HOMEPATH%\Local Settings\Temporary Internet Files\Content.IE5\U98D4X8H\cfile10.uf@14732049512864602C7E90[1].exe
- %HOMEPATH%\Local Settings\Temporary Internet Files\Content.IE5\2VAZY7AN\cfile6.uf@131C6E48512846CF29D0E3[3].dll
- <SYSTEM32>\rainvfds.exe
- %HOMEPATH%\Local Settings\Temporary Internet Files\Content.IE5\YPORKZYZ\cfile10.uf@14732049512864602C7E90[3].exe
- %HOMEPATH%\Local Settings\Temporary Internet Files\Content.IE5\KHMHGZ4F\cfile6.uf@131C6E48512846CF29D0E3[4].dll
- <SYSTEM32>\uggwjjcp.exe
- %HOMEPATH%\Local Settings\Temporary Internet Files\Content.IE5\U98D4X8H\cfile10.uf@14732049512864602C7E90[3].exe
- %HOMEPATH%\Local Settings\Temporary Internet Files\Content.IE5\2VAZY7AN\cfile6.uf@131C6E48512846CF29D0E3[2].dll
- <SYSTEM32>\srodadjh.exe
- %HOMEPATH%\Local Settings\Temporary Internet Files\Content.IE5\YPORKZYZ\cfile10.uf@14732049512864602C7E90[2].exe
- %HOMEPATH%\Local Settings\Temporary Internet Files\Content.IE5\KHMHGZ4F\cfile6.uf@131C6E48512846CF29D0E3[3].dll
- <SYSTEM32>\ohhdcvkx.exe
- <SYSTEM32>\djbpcnsz.exe
- <SYSTEM32>\dxbrsywk.exe
- <SYSTEM32>\qxrlzpuv.exe
- <SYSTEM32>\pirbsijf.exe
- <SYSTEM32>\okyucbdq.exe
- <SYSTEM32>\hrxjsnzx.exe
- <SYSTEM32>\cadrtrtg.exe
- <SYSTEM32>\srodadjh.exe
- <SYSTEM32>\ritmmfaz.exe
- <SYSTEM32>\qoeebvvz.exe
- <SYSTEM32>\uggwjjcp.exe
- <SYSTEM32>\rainvfds.exe
- <SYSTEM32>\ohhdcvkx.exe
- %TEMP%\~DFA91F.tmp
- %TEMP%\~DF74BC.tmp
- %TEMP%\~DF343C.tmp
- %TEMP%\~DFE016.tmp
- %TEMP%\~DFA0AF.tmp
- %TEMP%\~DF68E4.tmp
- %TEMP%\~DF108A.tmp
- %HOMEPATH%\Local Settings\Temporary Internet Files\Content.IE5\YPORKZYZ\cfile6.uf@131C6E48512846CF29D0E3[2].dll
- %TEMP%\~DF60C5.tmp
- %TEMP%\~DF2F4F.tmp
- %HOMEPATH%\Local Settings\Temporary Internet Files\Content.IE5\2VAZY7AN\cfile6.uf@131C6E48512846CF29D0E3[6].dll
- %TEMP%\~DF768.tmp
- %TEMP%\~DFCA9E.tmp
- %TEMP%\~DF9A03.tmp
- %TEMP%\~DFD7B9.tmp
- %TEMP%\~DF24E1.tmp
- %TEMP%\~DFC7D0.tmp
- %TEMP%\~DF8F7D.tmp
- %TEMP%\~DF59FC.tmp
- %TEMP%\~DF1F5C.tmp
- %HOMEPATH%\Local Settings\Temporary Internet Files\Content.IE5\KHMHGZ4F\cfile6.uf@131C6E48512846CF29D0E3[1].dll
- %HOMEPATH%\Local Settings\Temporary Internet Files\Content.IE5\U98D4X8H\cfile10.uf@14732049512864602C7E90[1].exe
- %TEMP%\~DFB991.tmp
- %TEMP%\~DF84BB.tmp
- %TEMP%\~DFB9B.tmp
- %TEMP%\~DF3112.tmp
- %TEMP%\~DF1971.tmp
- %TEMP%\~DFDF9A.tmp
- %TEMP%\~DF6885.tmp
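Network endpoints follow (group heading missing from this extract): loopback ports, plus two remote hosts on port 80 whose names are partly masked with '#' as published:
- 'localhost':1079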
- 'localhost':1080
- 'localhost':1084
- 'localhost':1075
- 'localhost':1069
- 'localhost':1071
- 'localhost':1074
- 'localhost':1095
- 'localhost':1099
- 'localhost':1100
- 'localhost':1094
- 'localhost':1085
- 'localhost':1089
- 'localhost':1090
- 'localhost':1065
- 'localhost':1040
- 'localhost':1044
- 'localhost':1046
- 'localhost':1039
- 'localhost':1035
- 'up#####ii.tistory.com':80
- 'bl##.naver.com':80
- 'localhost':1059
- 'localhost':1060
- 'localhost':1064
- 'localhost':1056
- 'localhost':1049
- 'localhost':1051
- 'localhost':1054
- bl##.naver.com/PostView.nhn?bl################################################################################################################################################################################################
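(The two attachment URLs below carry the same file names as the cfile10.uf@14732049512864602C7E90[n].exe and cfile6.uf@131C6E48512846CF29D0E3[n].dll copies listed under Temporary Internet Files above, which ties those cached files to this host.)
- up#####ii.tistory.com/attachment/cfile10.uf@14732049512864602C7E90.exe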
- up#####ii.tistory.com/attachment/cfile6.uf@131C6E48512846CF29D0E3.dll
- DNS ASK bl##.naver.com
- DNS ASK up#####ii.tistory.com
- ClassName: 'MS_AutodialMonitor' WindowName: '(null)'
- ClassName: 'MS_WebcheckMonitor' WindowName: '(null)'
- ClassName: '18467-41' WindowName: '(null)'
- ClassName: 'Shell_TrayWnd' WindowName: '(null)'