Technical Information
- [<HKLM>\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run] 'VMware System' = '%ProgramFiles%\Google\google.exe'
- %WINDIR%\server.exe
- %WINDIR%\syswow64\åúῸäãü.exe
- %ProgramFiles%\google\google.exe
- %WINDIR%\syswow64\cfg.ini
- http://11#.##.19.40:8888/down/A8rH4ZaUYiM1 via 11#.#5.19.40
- '%WINDIR%\server.exe'
- '%WINDIR%\syswow64\åúῸäãü.exe'