Technical Information
- [<HKLM>\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] 'MSN Messenger' = '<SYSTEM32>\Activate.exe'
- [<HKLM>\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServices] 'MSN Messenger' = '<SYSTEM32>\Activate.exe'
- [<HKCU>\Software\Microsoft\Windows\CurrentVersion\Run] 'MSN Messenger' = '<SYSTEM32>\Activate.exe'
- <SYSTEM32>\Activate.exe
- <SYSTEM32>\Activate.exe
- <Full path to file>
- 'ma####.artofown.com':20
- DNS ASK ma####.artofown.com
- '<SYSTEM32>\Activate.exe' 68 "<Full path to file>"