Technical Information
- [<HKCU>\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] 'Windows Live' = '%TEMP%\winini.exe'
- cvtres.exe
- %TEMP%\winini.exe
- %TEMP%\cvtres.exe
- 'th#####ewox.no-ip.org':1604
- DNS ASK th#####ewox.no-ip.org
- '%TEMP%\winini.exe'
- '%TEMP%\cvtres.exe'