Technical Information
- '%TEMP%\2.tmp'
- '<SYSTEM32>\attrib.exe' -a -r -s -h "<Full path to virus>"
- '<SYSTEM32>\cmd.exe' /c ""%TEMP%\4.tmp.bat" "<Full path to virus>""
- '<SYSTEM32>\cacls.exe' <SYSTEM32> /e /p everyone:f
- %HOMEPATH%\Local Settings\Temporary Internet Files\Content.IE5\KHMHGZ4F\i[1].txt
- %TEMP%\3.tmp
- %TEMP%\4.tmp.bat
- <DRIVERS>\1.tmp
- %TEMP%\2.tmp
- %TEMP%\3.tmp
- <DRIVERS>\1.tmp
- '1i#.in':80
- 'localhost':1038
- 1i#.in/i.txt
- DNS ASK 1i#.in