Technical Information
- [<HKLM>\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] '<Virus name>' = '<Full path to virus>'
- %HOMEPATH%\Local Settings\Temporary Internet Files\Content.IE5\U98D4X8H\ckconfigs[1].jpg
- <Current directory>\ckconfigs.txt
- %HOMEPATH%\Local Settings\Temporary Internet Files\Content.IE5\KHMHGZ4F\ckconfigs[1].jpg
- <Current directory>\ckconfigs.txt
- 'www.ju########assecadobrasil.hpg.com.br':80
- 'www.fu########xaonacional.hpg.com.br':80
- 'localhost':1036
- www.ju########assecadobrasil.hpg.com.br/ckconfigs.jpg
- www.fu########xaonacional.hpg.com.br/ckconfigs.jpg
- DNS ASK www.ju########assecadobrasil.hpg.com.br
- DNS ASK www.fu########xaonacional.hpg.com.br
- '<Private IP address>':1037