Technical Information
- [<HKLM>\software\Wow6432Node\microsoft\windows\currentversion\run] 'WinDirectSocket32' = '%WINDIR%\WDS32.exe'
- [<HKCU>\software\microsoft\windows\currentversion\run] 'WinDirectSocket32' = '%WINDIR%\WDS32.exe'
- %WINDIR%\wds32.tmp
- <Current directory>\logfile.txt
- from %WINDIR%\wds32.tmp to %WINDIR%\wds32.exe
- %WINDIR%\wds32.tmp
- 'ir#.##eenode.net':6667
- DNS ASK google.com
- DNS ASK ir#.##eenode.net
- '%WINDIR%\syswow64\cmd.exe' /c rename "%WINDIR%\WDS32.tmp" WDS32.exe