Technical Information
- [<HKCU>\Software\Microsoft\Windows\CurrentVersion\Run] '<Virus name>.exe' = '<Full path to virus>'
- <Current directory>\Configs.txt
- 'ca####tas.com.br':80
- '<Private IP address>':80
- 'br###com.com.br':80
- 'www.br####ing.com.br':80
- ca####tas.com.br/images/configs.txt
- www.br####ing.com.br/txt/configs.txt
- br###com.com.br/logs/logs.txt
- DNS ASK ca####tas.com.br
- DNS ASK www.br####ing.com.br
- DNS ASK br###com.com.br
- ClassName: 'Indicator' WindowName: ''