Technical Information
- [<HKLM>\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] '502'5/2-3 qfrdq...
- C:\2.txt
- from <Full path to virus> to %PROGRAM_FILES%\svchost.exe
- '<Private IP address>':139
- '<Private IP address>':80
- 'any':2572
- '<Private IP address>':445