Technical Information
- [<HKLM>\SOFTWARE\Microsoft\Active Setup\Installed Components\{X222D4B7-H5N0-C2V1-R3G5-C4G8S6Y6D2H0}] 'StubPath' = '"%APPDATA%\6379.exe"'
- User Account Control (UAC)
- %PROGRAM_FILES%\Internet Explorer\IEXPLORE.EXE (downloaded from the Internet)
- %HOMEPATH%\Local Settings\Temporary Internet Files\Content.IE5\69I9OPW5\Serverdw[1].exe
- %APPDATA%\6379.exe
- from <Full path to virus> to %TEMP%\ADTMP
- '86.#8.1.100':80
- 'localhost':1037
- 86.#8.1.100/phpuploads/DL/Serverdw.exe