Technical Information
- [<HKLM>\SYSTEM\ControlSet001\Services\LabelPrint] 'Start' = '00000002'
- [<HKLM>\SYSTEM\ControlSet001\Services\LabelPrint] 'ImagePath' = '%ALLUSERSPROFILE%\DRM\LabelPrint\Trial.exe'
- %TEMP%\Trial.exe
- %TEMP%\TrialRes.dll
- %TEMP%\TrialRes.dot
- %ALLUSERSPROFILE%\DRM\LabelPrint\Trial.exe
- %ALLUSERSPROFILE%\DRM\LabelPrint\TrialRes.dll
- %ALLUSERSPROFILE%\DRM\LabelPrint\Trial.exe
- %ALLUSERSPROFILE%\DRM\LabelPrint\TrialRes.dll
- <Full path to file>
- %TEMP%\Trial.exe
- %TEMP%\TrialRes.dll
- %TEMP%\TrialRes.dot
- '47.#0.90.25':443
- 'we#####.#encent-security.info':443
- DNS ASK we#####.#encent-security.info
- '%TEMP%\Trial.exe'
- '%ALLUSERSPROFILE%\DRM\LabelPrint\Trial.exe'
- '<SYSTEM32>\cmd.exe'
- '<SYSTEM32>\svchost.exe'
- '<SYSTEM32>\msiexec.exe'