Technical Information
- [<HKLM>\System\CurrentControlSet\Services\3B5B2066] 'Start' = '00000002'
- [<HKLM>\System\CurrentControlSet\Services\3B5B2066] 'ImagePath' = '<SYSTEM32>\3B5B2066.EXE -service'
- [<HKCU>\SYSTEM\CurrentControlSet\Services\3B5B2066] 'ImagePath' = '<SYSTEM32>\3B5B2066.EXE -service'
- %WINDIR%\syswow64\3b5b2066.exe
- %WINDIR%\syswow64\3b5b2066t.exe
- %WINDIR%\syswow64\delme.bat
- %WINDIR%\syswow64\3b5b2066.dll
- '%WINDIR%\syswow64\3b5b2066.exe' -service
- '%WINDIR%\syswow64\cmd.exe' /c <SYSTEM32>\delme.bat (with hidden window)
- '%WINDIR%\syswow64\cmd.exe' /c <SYSTEM32>\delme.bat