Technical Information
- [<HKLM>\SYSTEM\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List] 'C:\iRemote\<Virus name>\<Virus name>.exe' = 'C:\iRemote\<Virus name>\<Virus name>.exe:*:Enabled:iRemote'
- [<HKLM>\SYSTEM\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List] '<Full path to virus>' = '<Full path to virus>:*:Enabled:iRemote'
- C:\iRemote\<Virus name>\<Virus name>.exe
- C:\iRemote\<Virus name>\Logs\<Virus name>-2864.log
- %HOMEPATH%\Local Settings\Temporary Internet Files\Content.IE5\KHMHGZ4F\lookup[1].htm
- C:\iRemote\<Virus name>\Logs\<Virus name>-2836.log
- C:\iRemote\<Virus name>\<Virus name>.exe
- %HOMEPATH%\Local Settings\Temporary Internet Files\Content.IE5\KHMHGZ4F\lookup[1].htm
- 'ir####e.iyogi.net':80
- ir####e.iyogi.net/app/sessioninterface/lookup.htm?se##########
- DNS ASK ir####e.iyogi.net
- '<Private IP address>':1037
- ClassName: 'Shell_TrayWnd' WindowName: ''