Technical Information
- '%PROGRAM_FILES%\Microsoft Services\symgr.exe'
- %PROGRAM_FILES%\Microsoft Services\symgr.exe
- <Full path to virus>
- from <Full path to virus> to %TEMP%\3476
- 'li##s.tk':80
- 'wp#d':80
- li##s.tk/run.php?us####################################################
- wp#d/wpad.dat
- DNS ASK li##s.tk
- DNS ASK wp#d