Technical Information
- %HOMEPATH%\Start Menu\Programs\Startup\<Virus name>.exe
- '%APPDATA%\<Virus name>.exe'
- '%WINDIR%\Microsoft.NET\Framework\v2.0.50727\ilasm.exe' "%APPDATA%\<Virus name>.il"
- %APPDATA%\<Virus name>.pdb
- %APPDATA%\<Virus name>.exe
- %APPDATA%\<Virus name>.il
- %APPDATA%\FTP
- %APPDATA%\<Virus name>.pdb
- %APPDATA%\<Virus name>.il
- 'hh###.hfjgj.com':21
- 'wp#d':80
- http://11#.#11.111.1/wpad.dat via wp#d
- DNS ASK hh###.hfjgj.com
- DNS ASK wp#d