Technical Information
- '%WINDIR%\WinSxS\Install.db' (downloaded from the Internet)
- '<SYSTEM32>\cmd.exe' /c del <Full path to virus> > nul
- %WINDIR%\WinSxS\Install.db
- %HOMEPATH%\Local Settings\Temporary Internet Files\Content.IE5\KHMHGZ4F\1[1].jpg
- %WINDIR%\WinSxS\msiexec.exe
- %WINDIR%\WinSxS\Install.db
- '18#.#1.162.11':99
- '98.##6.83.66':80
- 'localhost':1036
- http://98.##6.83.66/new/1.jpg