Technical Information
- '<SYSTEM32>\wab.exe'
- '<SYSTEM32>\Systema.exe'
- '<SYSTEM32>\wab.exe' (downloaded from the Internet)
- '<SYSTEM32>\Systema.exe' (downloaded from the Internet)
- '<SYSTEM32>\cmd.exe' /c <Current directory>\<Virus name>.bat
- %HOMEPATH%\Local Settings\Temporary Internet Files\Content.IE5\U98D4X8H\wab[1].gif
- <SYSTEM32>\wab.exe
- <Current directory>\<Virus name>.bat
- <SYSTEM32>\down.txt
- %HOMEPATH%\Local Settings\Temporary Internet Files\Content.IE5\KHMHGZ4F\Systema[1].gif
- <SYSTEM32>\Systema.exe
- 'li#####aweb.sytes.net':80
- li#####aweb.sytes.net/files/wab.gif
- li#####aweb.sytes.net/files/Systema.gif
- DNS ASK li#####aweb.sytes.net