Technical Information
- [<HKCU>\Software\Microsoft\Windows\CurrentVersion\Run] '<Virus name>.exe' = '<Full path to virus>'
- %WINDIR%\iE.ini
- 'www.qu####agua.com.br':80
- www.qu####agua.com.br/site/atendimento.php
- DNS ASK www.qu####agua.com.br
- '<Private IP address>':1037
- ClassName: 'Indicator' WindowName: ''