Technical Information
- <SYSTEM32>\regsvr32.exe /s "<SYSTEM32>\MSWINSCK.OCX" (the /s switch makes regsvr32 register the control silently, with no dialog shown to the user)
- %TEMP%\~DF0A8B.tmp
- %HOMEPATH%\Local Settings\Temporary Internet Files\Content.IE5\0D6B6PI5\list[1].ini
- %HOMEPATH%\Local Settings\Temporary Internet Files\Content.IE5\SL6TKFAX\ip.woai310[1]
- %HOMEPATH%\Local Settings\Temporary Internet Files\Content.IE5\ULU3YH2D\ip.woai310[1]
- <SYSTEM32>\MSWINSCK.OCX
- %TEMP%\~DF08A3.TMP
- %TEMP%\~DF0B8C.tmp
- %HOMEPATH%\Local Settings\Temporary Internet Files\Content.IE5\69I9OPW5\<Virus name>[1].ini
- %HOMEPATH%\Local Settings\Temporary Internet Files\Content.IE5\SL6TKFAX\ip.woai310[1]
- 'up####.woai310.com':80
- 'ip.##ai310.com':80
- 'localhost':1037 (loopback connection on the infected host itself, not a remote endpoint)
- 'co####.woai310.com':80
- ip.##ai310.com/
- up####.woai310.com/count/list.ini
- co####.woai310.com/<Auxiliary name>.ini
- DNS query: ip.##ai310.com
- DNS query: up####.woai310.com
- DNS query: co####.woai310.com
- ClassName: 'Shell_TrayWnd' WindowName: ''
- ClassName: 'MS_WebcheckMonitor' WindowName: ''
- ClassName: 'MS_AutodialMonitor' WindowName: ''