Technical Information
- %HOMEPATH%\Start Menu\Programs\Startup\sI4Wa6a4uBLHXWZ.lnk
- '<SYSTEM32>\cmd.exe' /c del <Full path to virus> >> NUL
- %ProgramFiles%\y6qOCYLylBvw78p.exe
- 'hi###mps.com':80
- 'localhost':1038
- http://hi###mps.com/images/info.php?g=############################
- DNS ASK hi###mps.com
- ClassName: 'Shell_TrayWnd' WindowName: ''
- ClassName: 'MS_WebcheckMonitor' WindowName: ''
- ClassName: 'MS_AutodialMonitor' WindowName: ''