Technical Information
- [<HKLM>\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Run] 'HKLM' = '<SYSTEM32>\InstallDir\Server.exe'
- [<HKCU>\Software\Microsoft\Windows\CurrentVersion\Run] 'HKCU' = '<SYSTEM32>\InstallDir\Server.exe'
- [<HKLM>\Software\Wow6432Node\Microsoft\Active Setup\Installed Components\{E8KQDQ2G-I15I-O750-D65Q-YUF1HWK2GF10}] 'StubPath' = '<SYSTEM32>\InstallDir\Server.exe restart'
- [<HKLM>\Software\Wow6432Node\Microsoft\Active Setup\Installed Components\{E8KQDQ2G-I15I-O750-D65Q-YUF1HWK2GF10}] 'StubPath' = '<SYSTEM32>\InstallDir\Server.exe'
- %WINDIR%\syswow64\svchost.exe
- %WINDIR%\syswow64\installdir\server.exe
- 'mo#####9us.linkpc.net':442
- DNS ASK mo#####9us.linkpc.net
- '%WINDIR%\syswow64\svchost.exe'
- '%ProgramFiles(x86)%\internet explorer\iexplore.exe'