Technical Information
- [<HKLM>\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] 'MSN' = 'filenamehere.exe'
- %WINDIR%\filenamehere.exe
- <Full path to virus>
- %WINDIR%\filenamehere.exe
- %WINDIR%\filenamehere.exe
- %WINDIR%\images.zip
- %WINDIR%\filenamehere.exe
- 'ir#.#ourdns.com':6669
- DNS ASK ir#.#ourdns.com