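Technical Information (the per-group labels, such as files created, processes run or network activity, appear to be missing from this listing, so the action behind each entry below is not stated)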
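- %APPDATA%\iexplore.exe (uses the Internet Explorer binary name, but %APPDATA% is not where the genuine iexplore.exe is installed)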
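- <SYSTEM32>\ping.exe 127.1 (127.1 is the short form of the loopback address 127.0.0.1; a command-line search for the full address will not match it)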
- <SYSTEM32>\cmd.exe /c %TEMP%\Del.bat
- %TEMP%\keybrd
- %TEMP%\syslog.dat
- <SYSTEM32>\srvlic
- %APPDATA%\iexplore.exe
- %TEMP%\Del.bat
- %TEMP%\keybrd.dat
- from <Full path to virus> to %TEMP%\test.dat
- 'localhost':80
- '<Private IP address>':80
- ClassName: 'Progman' WindowName: 'Program Manager'