Technical Information
- Process command line: '<SYSTEM32>\cmd.exe' /c C:\PHL.BAT
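File system paths (this listing does not preserve whether each file was created, modified or deleted; C:\PHL.BAT appears twice, so two separate groups were probably merged). The eight-character folder names under Content.IE5 are randomly named Internet Explorer cache directories and differ per machine; the io[N].php names look like cached copies of the io.php responses requested from the URLs further down.
- %HOMEPATH%\Local Settings\<INETFILES>\Content.IE5\KHMHGZ4F\io[4].php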
- %HOMEPATH%\Local Settings\<INETFILES>\Content.IE5\YPORKZYZ\io[3].php
- %HOMEPATH%\Local Settings\<INETFILES>\Content.IE5\2VAZY7AN\io[3].php
- %HOMEPATH%\Local Settings\<INETFILES>\Content.IE5\YPORKZYZ\io[4].php
- %HOMEPATH%\Local Settings\<INETFILES>\Content.IE5\2VAZY7AN\io[4].php
- %HOMEPATH%\Local Settings\<INETFILES>\Content.IE5\U98D4X8H\io[4].php
- C:\PHL.ini
- C:\PHL.BAT
- <SYSTEM32>\SuperEC_Hook.dll
- %HOMEPATH%\Local Settings\<INETFILES>\Content.IE5\U98D4X8H\io[3].php
- %HOMEPATH%\Local Settings\<INETFILES>\Content.IE5\KHMHGZ4F\io[3].php
- C:\kss.ini
- C:\PHL.BAT
- File operation (move or copy; the label is missing from this listing): from <Full path to file> to <Current directory>\FCD78.exe
Network endpoints (host:port):
- 'localhost':1039
- 'www.d3##g.com':80
- 'localhost':1036
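HTTP request URLs (the domain and the value of the a parameter are masked with # in this listing; the request method is not shown):
- http://www.d3##g.com/kss_api/io.php?a=#####################################################################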
- http://www.d3##g.com/kss_api/io.php?a=######################################################################
- DNS query (ASK) for www.d3##g.com
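Window class/name pairs referenced by the sample ('Shell_TrayWnd' is the class name of the Windows taskbar):
- ClassName: 'Shell_TrayWnd' WindowName: ''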
- ClassName: '' WindowName: '<File name>.exe'