Technical Information
- <Full path to virus> (downloaded from the Internet)
- %APPDATA%\Microsoft\Crypto\RSA\S-1-5-21-1275210071-117609710-1801674531-500\c6910c0794bde7654ea46853b6626652_ffcb838e-6d3b-4e44-a259-8ac8f5c94c4f
- %HOMEPATH%\Local Settings\Temporary Internet Files\Content.IE5\69I9OPW5\xiaoniu[1].dll
- %APPDATA%\Microsoft\Protect\S-1-5-21-1275210071-117609710-1801674531-500\836ace08-3c2b-4638-a63d-fc8b4d0eb5ee
- <Full path to virus>
- %TEMP%\{67E38F0D-3823-4250-BE18-C0EA75E07FEA}\_ispackdel.ini
- <Full path to virus>
- from %TEMP%\<Virus name>.exe1 to <Full path to virus>
- from <Full path to virus> to %TEMP%\<Virus name>.exe1
- 'v.##o63.com':80
- 'localhost':1037
- v.##o63.com/xiaoniu.dll
- DNS ASK v.##o63.com