Technical Information
- [<HKLM>\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] '<Virus name>.exe' = '<Full path to virus>'
- %TEMP%\80EB2F5C
- 'fa#####master.com.br':80
- fa#####master.com.br/xeroso/infect.php
- DNS ASK fa#####master.com.br
- '<Private IP address>':1036