Technical Information
- <SYSTEM32>\svchost.exe <Full path to virus>
- %TEMP%\pusk.exe
- %HOMEPATH%\Local Settings\Temporary Internet Files\Content.IE5\U98D4X8H\pusk[1].exe
- %HOMEPATH%\Local Settings\Temporary Internet Files\Content.IE5\KHMHGZ4F\g[1].php
- 'hd##skh.net':80
- 'kk###ors.net':80
- hd##skh.net/pusk.exe
- kk###ors.net/f/g.php
- DNS ASK hd##skh.net
- DNS ASK kk###ors.net
- '<Private IP address>':1036
- '<Private IP address>':1035