Technical Information
- %WINDIR%\Temp\st418642.tmp (downloaded from the Internet) /S /PS=000009d8 /NM=dd3eca1cb10f8bed4fc2329bb25dd4345af773ec56b52487fd50b31a80f45fbd1b9a0a64f14fb72c4ae763dc46a51477ed40a21d8ffc65d22ba61728bb4aba158cf253cce272ff6ccf479aeb81ea5ab52898bc41a70192f95ac330930c75e04c8bfb5fcf34cb04b42288
- %WINDIR%\Temp\st418642.tmp
- %HOMEPATH%\Local Settings\Temporary Internet Files\Content.IE5\KHMHGZ4F\mine_setupfile.v2[1].php
- <Full path to virus>
- from <Full path to virus> to %HOMEPATH%\Local Settings\Temporary Internet Files\Content.IE5\YPORKZYZ\17172_.txt
- 'de#####.modernplus.net':80
- 'localhost':1035
- de#####.modernplus.net/mine_setupfile.v2.php?di#####################
- DNS ASK de#####.modernplus.net
- '<Private IP address>':1036