Technical Information
- '<SYSTEM32>\e.exe'
- '<Current directory>\dl.exe' http://59.##.79.202/images/log.jpg
- '<SYSTEM32>\e.exe' (downloaded from the Internet)
- '<SYSTEM32>\cmd.exe' /c <Current directory>\1.bat http://59.##.79.202/images/log.jpg
- %HOMEPATH%\Local Settings\Temporary Internet Files\Content.IE5\U98D4X8H\log[1].jpg
- <SYSTEM32>\E.mdb
- <Current directory>\1.bat
- %HOMEPATH%\Local Settings\Temporary Internet Files\Content.IE5\KHMHGZ4F\mn[1].txt
- <Current directory>\dl.exe
- <Current directory>\dl.exe
- from <SYSTEM32>\E.mdb to <SYSTEM32>\e.exe
- 'localhost':1039
- '59.##.79.202':80
- 'localhost':1036
- 'in#.#15tom.cn':80
- 59.##.79.202/images/log.jpg
- in#.#15tom.cn/images/mn.txt
- DNS ASK in#.#15tom.cn