Technical Information
- [<HKCU>\Software\Microsoft\Windows\CurrentVersion\Run] '<Virus name>.exe' = '<Full path to virus>'
- %WINDIR%\Explorer.EXE
- %TEMP%\ampere2.dat
- %TEMP%\aut1.tmp
- %TEMP%\aut1.tmp
- 'al###.dyndns.info':3086
- DNS ASK al###.dyndns.info
- ClassName: 'Indicator' WindowName: ''