Technical Information
- [<HKCU>\Software\Microsoft\Windows\CurrentVersion\Run] 'smss' = '%WINDIR%\Cursors\smss.exe'
- <Drive name for removable media>:\007.exe
- bdagent.exe
- zlclient.exe
- AVP.EXE
- outpost.exe
- %WINDIR%\Cursors\smss.exe
- <Drive name for removable media>:\007.exe
- 'ir#.xor.cx':6667
- DNS ASK ir#.xor.cx
- '<Private IP address>':1035
- ClassName: 'Indicator' WindowName: ''