Technical Information
- %APPDATA%\iexplore.exe (a user-profile path, not the standard Internet Explorer install location under Program Files)
- <SYSTEM32>\cmd.exe /c %TEMP%\Del.bat
- %TEMP%\keybyd
- %TEMP%\syslog.dat
- <SYSTEM32>\srvlic
- %APPDATA%\iexplore.exe
- %TEMP%\Del.bat
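File relocations (source to destination; the listing does not say whether each is a move or a copy):
- from %TEMP%\keybyd to %TEMP%\keybyd.dat
- from <SYSTEM32>\srvlic to <SYSTEM32>\srvlic.dll
- from <Full path to virus> to %TEMP%\test.dat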
Network endpoints (host:port):
- 'localhost':80
- '<Private IP address>':80