Technical Information
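- %HOMEPATH%\Templates\svchost.exe (the file name imitates the Windows system process; the genuine svchost.exe resides in <SYSTEM32>, so a copy under a user profile folder is a detection indicator)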
- <SYSTEM32>\cmd.exe /c "%TEMP%\Pers122875.bat"
- %HOMEPATH%\Templates\svchost.exe
- %TEMP%\Pers122875.bat
- %TEMP%\Per2.tmp
- <SYSTEM32>\Config.ini
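- from <Full path to virus> to %TEMP%\PerSave122828.dat (the sample's own file ends up at the second path; whether it is moved or copied is not stated on this page)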
- '<Private IP address>':0
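- ClassName: 'Shell_TrayWnd' WindowName: '' (Shell_TrayWnd is the window class of the Windows taskbar; the empty WindowName means no window title is specified)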