Technical Information
- [<HKLM>\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] '<Virus name>' = '<Full path to virus>'
- 'po#####moradianova.com':80
- po#####moradianova.com/modalfiles/index.php
- DNS ASK po#####moradianova.com
- '<Private IP address>':1035
- ClassName: 'Shell_TrayWnd' WindowName: ''