Technical Information
- [<HKLM>\SYSTEM\ControlSet001\Services\ApplicationService] 'Start' = '00000002'
- '%WINDIR%\Temp\application\<Virus name>.exe'
- '%TEMP%\application\<Virus name>.exe'
- %WINDIR%\Temp\application\<Virus name>.exe
- %TEMP%\application\<Virus name>.exe
- from %TEMP%\application\<Virus name>.exe to %TEMP%\application\uttB6B.tmp
- from <Full path to virus> to <Current directory>\uttB6B.tmp
- '46.#.123.106':80
- 46.#.123.106/installerexjson1902.php