Technical Information
- [<HKLM>\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] 'CRNJEUFU-UPDATE' = '<Full path to virus>'
- 'cp#########com.web38.redehost.com.br':80
- cp#########com.web38.redehost.com.br/site1/index.php
- DNS ASK cp#########com.web38.redehost.com.br
- ClassName: 'Frame Tab' WindowName: ''
- ClassName: 'MozillaWindowClass' WindowName: ''
- ClassName: 'Chrome_WidgetWin_0' WindowName: ''
- ClassName: 'IEFrame' WindowName: ''
- ClassName: 'Shell DocObject View' WindowName: ''
- ClassName: 'TabWindowClass' WindowName: ''
- ClassName: 'Internet Explorer_Server' WindowName: ''