Technical Information
- [<HKLM>\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] 'PHIME2002AB' = '<SYSTEM32>\Com\csc.vbs'
- [<HKLM>\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] 'AhnLab V3Lite Tray Procesec' = '"<Full path to virus>"'
- %HOMEPATH%\Start Menu\Programs\Startup\msiexec.lnk
- <Full path to virus>
- <SYSTEM32>\msiexec.vbe
- <SYSTEM32>\config\ATIODE.bat
- %WINDIR%\Help\winhttp.reg
- <SYSTEM32><Virus name>.exe
- <DRIVERS>\MTConfog.exe
- <SYSTEM32>\Com\csc.vbs
- <SYSTEM32>\Com\csc.vbs
- <Full path to virus>
- 'ar####e.apnic.net':80
- ar####e.apnic.net/templates/ipv6man/?id##################
- DNS ASK ar####e.apnic.net
- '<Private IP address>':1035