Technical Information
- [<HKCU>\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] 'Client Server Runtime Process' = '%APPDATA%\csrss.exe'
- [<HKCU>\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] 'Host-process Windows (Rundll32.exe)' = '%APPDATA%\rundll32.exe'
- [<HKCU>\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] 'Service Host Process for Windows' = '%APPDATA%\svchost.exe'
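- [<HKCU>\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] 'Host-process Windows (Rundll3.exe)' = '<SYSTEM32>\rundll3.exe'
  Note: the value names and file names above imitate Windows system processes, but the genuine csrss.exe, rundll32.exe and svchost.exe reside in <SYSTEM32>, not in %APPDATA%, and rundll3.exe does not match a standard Windows component name. A Run entry that points to one of these names outside <SYSTEM32> is therefore a reliable signal to check for when triaging a host.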
- %APPDATA%\csrss.exe
- %APPDATA%\rundll32.exe
- %APPDATA%\svchost.exe
- <SYSTEM32>\rundll3.exe
- %APPDATA%\csrss.exe
- %APPDATA%\rundll32.exe
- %APPDATA%\svchost.exe
- <SYSTEM32>\rundll3.exe
- DNS ASK sm##.gmail.com
- DNS ASK pl##.###p.mail.yahoo.com
- '%APPDATA%\csrss.exe'
- '%APPDATA%\rundll32.exe'
- '%APPDATA%\svchost.exe'
- '<SYSTEM32>\rundll3.exe'
- '%APPDATA%\csrss.exe' (with hidden window)
- '%APPDATA%\rundll32.exe' (with hidden window)
- '%APPDATA%\svchost.exe' (with hidden window)
- '<SYSTEM32>\rundll3.exe' (with hidden window)