Technical Information
- [<HKLM>\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] '2511CD' = '%WINDIR%\Config\autorun.exe'
- '<SYSTEM32>\dumprep.exe' 2864 -dm 7 7 %TEMP%\WER3308.dir00\<Virus name>.exe.hdmp 16325836412027492
- '<SYSTEM32>\dumprep.exe' 2864 -dm 7 7 %TEMP%\WER3308.dir00\<Virus name>.exe.mdmp 16325836412027472
- %TEMP%\WER3308.dir00\<Virus name>.exe.hdmp
- %TEMP%\WER3308.dir00\appcompat.txt
- %TEMP%\WER3308.dir00\manifest.txt
- %TEMP%\WER3308.dir00\<Virus name>.exe.mdmp
- %WINDIR%\Config\autorun.exe
- %HOMEPATH%\Local Settings\Temporary Internet Files\Content.IE5\KHMHGZ4F\n09230945[1].asp
- %WINDIR%\Config\ExtIP.info
- %WINDIR%\Config\autorun.exe
- %HOMEPATH%\Local Settings\Temporary Internet Files\Content.IE5\KHMHGZ4F\n09230945[1].asp
- 'cr###-bg.co.cc':21
- 'wh###smyip.com':80
- wh###smyip.com/automation/n09230945.asp
- DNS ASK cr###-bg.co.cc
- DNS ASK wh###smyip.com
- ClassName: '(null)' WindowName: 'HIDE'