Technical Information
- [<HKLM>\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] 'Persistence ! Up' = '<Full path to virus>'
- <Full path to virus>
- 'sq#######.is-an-engineer.com':1433
- 'sq#######.is-an-engineer.com,1433':445
- 'sm##.###halzinho.sc.gov.br':25
- 'db######st.lajeado2010.com':80
- http://db######st.lajeado2010.com/
- DNS ASK sq#######.is-an-engineer.com
- DNS ASK sq#######.is-an-engineer.com,1433
- DNS ASK sm##.###halzinho.sc.gov.br
- DNS ASK db######st.lajeado2010.com