Technical Information
- [<HKLM>\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run] 'DoLinqToSql' = '%PROGRAMDATA%\Containment\WormContainment.exe'
- %APPDATA%\microsoft\windows\start menu\programs\startup\sharx.exe
- %PROGRAMDATA%\containment\wormcontainment.exe
- 'en##nl.ru':443
- DNS ASK en##nl.ru
- '%PROGRAMDATA%\containment\wormcontainment.exe'