Technical Information
- [<HKLM>\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] 'win-explorer.exe' = '<Full path to virus>'
- [<HKLM>\SOFTWARE\Microsoft\Active Setup\Installed Components\{7A13DCCC-EEA4-EF59-5BA7-0FA714CBDAAD}] 'StubPath' = '<Full path to virus>'
- %WINDIR%\Explorer.EXE
- 'lo#####id.no-ip.info':3460
- DNS ASK lo#####id.no-ip.info