Technical Information
- [<HKLM>\SYSTEM\ControlSet001\Services\MsSecurity1.209.4] 'Start' = '00000002'
- %WINDIR%\<Virus name>.exe service
- %WINDIR%\<Virus name>.exe i
- %TEMP%\WER1401.dir00\<Virus name>.exe.hdmp
- %TEMP%\WER1401.dir00\appcompat.txt
- %TEMP%\WER1401.dir00\manifest.txt
- %WINDIR%\muotr.so
- %WINDIR%\<Virus name>.exe
- %TEMP%\WER1401.dir00\<Virus name>.exe.mdmp
- %WINDIR%\muotr.so
- 'www.tr###change.com':80
- www.tr###change.com/getuid.php?ai#########
- DNS ASK www.tr###change.com