Technical Information
- '%PROGRAM_FILES%\Microsoft Services\symgr.exe'
- %PROGRAM_FILES%\Microsoft Services\symgr.exe
- <Full path to virus>
- from <Full path to virus> to %TEMP%\6435
- 'bl###rag0n.pw':80
- 'wp#d':80
- bl###rag0n.pw/run.php?us####################################################
- wp#d/wpad.dat
- DNS ASK bl###rag0n.pw
- DNS ASK wp#d