Technical Information
- [<HKLM>\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] 'RegAsm' = '"ApplicationData\RegAsm.exe.exe"'
- %WINDIR%\Microsoft.NET\Framework\v2.0.50727\RegAsm.exe
- %APPDATA%\23EF5514-3059-436F-A4A7-4CEFAAB20EB1\run.dat
- 'localhost':12142
- '20#.#54.213.157':12142
- '%WINDIR%\Microsoft.NET\Framework\v2.0.50727\RegAsm.exe'