Technical Information
- %TEMP%\t1.tmp
- %HOMEPATH%\Local Settings\Temporary Internet Files\Content.IE5\U98D4X8H\t[1]
- %HOMEPATH%\Local Settings\Temporary Internet Files\Content.IE5\KHMHGZ4F\o[1].php
- from <Full path to virus> to %TEMP%\~tt1.tmp
- 'wo#.#er-line.cn':80
- 'localhost':1036
- wo#.#er-line.cn/m/t
- wo#.#er-line.cn/p/o/o.php?2
- DNS ASK wo#.#er-line.cn
- '<Private IP address>':1037