Technical Information
- [<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon] 'Shell' = 'Explorer.exe, <SYSTEM32>\<Virus name>.exe'
- <SYSTEM32>\<Virus name>.exe
- <SYSTEM32>\<Virus name>.exe
- %TEMP%\~DFBDC0.tmp
- 'dj#.#o-ip.info':1121
- 'xb#####ez.no-ip.info':1121
- DNS ASK DJ#.#o-ip.info
- DNS ASK xb#####ez.no-ip.info
- ClassName: 'SysListView32' WindowName: 'Processes'
- ClassName: '#32770' WindowName: ''
- ClassName: '#32770' WindowName: 'Windows Task Manager'