Technical Information
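- Autorun persistence (per-user Run key; the value name imitates Google Earth, but its data points to the malware's own file): [<HKCU>\Software\Microsoft\Windows\CurrentVersion\Run] 'Google Earth' = '<Full path to virus>'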
- %TEMP%\clr.exe
- <SYSTEM32>\cmd.exe /c ""%TEMP%\clr.bat""
- %TEMP%\clr.bat
- %TEMP%\clr.exe
- %TEMP%\clr.txt
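- Network endpoints, given as host:port (the '#' characters appear to be masking applied to the hostnames in this report, not literal characters):
- 'co#####66.servebeer.com':13035
- 'te######e.servehalflife.com':13036
- 'te######e.servehalflife.com':13035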
- DNS ASK (DNS lookup request) co#####66.servebeer.com
- DNS ASK (DNS lookup request) te######e.servehalflife.com
- '<Private IP address>':1036
- ClassName: 'Indicator' WindowName: ''