Technical Information
- '' (downloaded from the Internet)
- <SYSTEM32>\update.exe
- <SYSTEM32>\cservice.exe
- <SYSTEM32>\removegb.sys
- 'localhost':1036
- 'se####-mode.info':80
- http://www.se####-mode.info/update/winupd.exe via se####-mode.info
- http://www.se####-mode.info/cservice/cservice.exe via se####-mode.info
- http://www.se####-mode.info/cservice/removegb.sys via se####-mode.info
- DNS ASK www.se####-mode.info
- '<SYSTEM32>\update.exe'
- '<SYSTEM32>\cservice.exe'