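Technical Information
Registry values (format: [key] 'value name' = 'data'). All six point to <SYSTEM32>\install\server.exe and sit in run-at-logon locations (Run, Policies\Explorer\Run, Active Setup StubPath), so cleanup and detection need to cover every one of them. The Active Setup GUID contains non-hexadecimal characters (J, X); this page does not say whether they are literal or masked.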
- [<HKLM>\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\Run] 'Policies' = '<SYSTEM32>\install\server.exe'
- [<HKCU>\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run] 'Policies' = '<SYSTEM32>\install\server.exe'
- [<HKLM>\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] 'HKLM' = '<SYSTEM32>\install\server.exe'
- [<HKCU>\Software\Microsoft\Windows\CurrentVersion\Run] 'HKCU' = '<SYSTEM32>\install\server.exe'
- [<HKLM>\SOFTWARE\Microsoft\Active Setup\Installed Components\{08B0E5JF-4FCB-11CF-AAA5-00401C6XX500}] 'StubPath' = '<SYSTEM32>\install\server.exe Restart'
- [<HKLM>\SOFTWARE\Microsoft\Active Setup\Installed Components\{08B0E5JF-4FCB-11CF-AAA5-00401C6XX500}] 'StubPath' = '<SYSTEM32>\install\server.exe'
- %WINDIR%\Explorer.EXE
- server.exe
- <SYSTEM32>\install\server.exe
- %TEMP%\XX--XX--XX.txt
- %TEMP%\XxX.xXx
- %TEMP%\UuU.uUu
- %TEMP%\140953.tmp
- %APPDATA%\SQLite3.dll
- <SYSTEM32>\conf.ini
- <SYSTEM32>\install\server.exe
- %TEMP%\XX--XX--XX.txt
- %TEMP%\XxX.xXx
- %TEMP%\UuU.uUu
- %TEMP%\XxX.xXx
- %TEMP%\UuU.uUu
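Network endpoints (format: 'host':port). '#' is not a valid hostname character, so the names below appear to be partially masked and cannot be used as exact-match indicators.
- 'localhost':1037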
- 'se##er.com':80
- 'ch#####x.justfree.com':80
- 'gr####.no-ip.biz':200
- 'gr####.no-ip.biz':2000
- http://www.se##er.com/sqlite3.dll via se##er.com
- http://ch#####x.justfree.com/arquivo.txt
- DNS ASK ch#####x.justfree.com
- DNS ASK www.se##er.com
- DNS ASK gr####.no-ip.biz
- '<Full path to file>'
- '<SYSTEM32>\install\server.exe'
- '%ProgramFiles%\Internet Explorer\IEXPLORE.EXE'