Technical Information
- [<HKLM>\System\CurrentControlSet\Services\MYSSQL Defghijk Service Name] 'Start' = '00000002'
- [<HKLM>\System\CurrentControlSet\Services\MYSSQL Defghijk Service Name] 'ImagePath' = '<SYSTEM32>\svchost.exe -k imgsvc'
- 'MYSSQL Defghijk Service Name' <SYSTEM32>\svchost.exe -k imgsvc
- '%WINDIR%\syswow64\taskkill.exe' /f /im Ksafetray.exe
- %WINDIR%\system\prefetch2050400.dll
- %ProgramFiles%\nt_path.gif
- C:\net-mysql.sql
- %WINDIR%\system\myssql.log
- DNS ASK so###uweb.com
- ClassName: '' WindowName: ''
- '%WINDIR%\syswow64\taskkill.exe' /f /im Ksafetray.exe' (with hidden window)