Technical Information
- [<HKLM>\SYSTEM\ControlSet001\Services\storage] 'Start' = '00000002' (a Start value of 2 configures the 'storage' service to start automatically at boot)
- '%TEMP%\_ir_sf7_temp_0\irsetup.exe' "__IRAFN:<Current directory>\<Virus name>.tmp"
- '<SYSTEM32>\UnicodeEx.exe'
- '<Current directory>\<Virus name>.tmp'
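- '<SYSTEM32>\svchost.exe' -k storage (the system svchost.exe started with the service group 'storage', the same name as the service key in the registry entry above)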
- %TEMP%\_ir_sf7_temp_0\dllinstall.bat
- %TEMP%\_ir_sf7_temp_0\IRIMG3.JPG
- %WINDIR%\inf\isvc.PNF
- %TEMP%\_ir_sf7_temp_0\usp10.dll
- %WINDIR%\Temp\STZC.TMP
- %TEMP%\_ir_sf7_temp_0\IRIMG2.JPG
- %TEMP%\_ir_sf7_temp_0\irsetup.exe
- <SYSTEM32>\UnicodeEx.exe
- <Current directory>\<Virus name>.tmp
- %TEMP%\_ir_sf7_temp_0\IRIMG1.JPG
- %TEMP%\_ir_sf7_temp_0\irsetup.dat
- <SYSTEM32>\STRUNLIB.DLL
- %TEMP%\_ir_sf7_temp_0\irsetup.dat
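- 'ds####h.dyndns.org':80 (host names in this list are partially masked with '#' as published, so they cannot be used as exact-match indicators)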
- 'ch####p.dyndns.org':80
- 'dn#####in.dyndns.org':443
- 'pb#######l.dyndns-office.com':53
- ch####p.dyndns.org/
- DNS ASK ds####h.dyndns.org
- DNS ASK ch####p.dyndns.org
- DNS ASK dn#####in.dyndns.org
- DNS ASK pb#######l.dyndns-office.com
- ClassName: 'Shell_TrayWnd' WindowName: '(null)' (Shell_TrayWnd is the window class of the Windows taskbar)