Technical Information
- [<HKLM>\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run] 'comodo' = '%APPDATA%\comodo.exe'
- [<HKLM>\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run] 'services' = '%WINDIR%\SysWOW64\services.exe'
- [<HKCU>\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] 'comodo' = '%APPDATA%\comodo.exe'
- [<HKCU>\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] 'services' = '%WINDIR%\SysWOW64\services.exe'
- User Account Control (UAC)
- %TEMP%\aute8c1.tmp
- %TEMP%\mjorlti
- %APPDATA%\dragon.js
- %APPDATA%\dragon.js
- %TEMP%\aute8c1.tmp
- %TEMP%\mjorlti
- DNS ASK in#####.trampoarduo.com
- ClassName: 'Static' WindowName: ''
- ClassName: 'MS_AutodialMonitor' WindowName: ''
- ClassName: 'MS_WebCheckMonitor' WindowName: ''