Technical Information
- %HOMEPATH%\Local Settings\Temporary Internet Files\Content.IE5\KHMHGZ4F\count[1].asp
- %HOMEPATH%\Local Settings\Temporary Internet Files\Content.IE5\U98D4X8H\down[1].txt
- %TEMP%\MoonHare_vip.tmp
- %ALLUSERSPROFILE%\Documents\My Videos\DoWnFile.log
- from <Full path to virus> to %ALLUSERSPROFILE%\Documents\My Videos\Vanatq.tmp
- 'wu####96.3322.org':80
- 'localhost':1035
- wu####96.3322.org/123/down.txt
- wu####96.3322.org/123/count.asp?us####################################################################################################################
- DNS ASK wu####96.3322.org