Technical Information
- [<HKLM>\SYSTEM\ControlSet001\Services\VolStart] 'Start' = '00000002'
- [<HKLM>\SYSTEM\ControlSet001\Services\VolStart] 'ImagePath' = '<DRIVERS>\svchost.exe'
- <SYSTEM32>\ntsvc.ocx
- <DRIVERS>\svchost.exe
- 'mi#######.update.serveftp.net':80
- http://mi#######.update.serveftp.net/rsetup.exe
- DNS ASK mi#######.update.serveftp.net
- '<DRIVERS>\svchost.exe'
- '<SYSTEM32>\regsvr32.exe' <SYSTEM32>\ntsvc.ocx /s