Technical Information
- [<HKLM>\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Run] 'HKLM' = 'C:\InstallDir\Server.exe'
- [<HKCU>\Software\Microsoft\Windows\CurrentVersion\Run] 'HKCU' = 'C:\InstallDir\Server.exe'
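- [<HKLM>\Software\Wow6432Node\Microsoft\Active Setup\Installed Components\{206I3566-O172-8104-P2L4-8GFL626HT8T8}] 'StubPath' = 'C:\InstallDir\Server.exe restart' (note: the component ID is not a well-formed GUID, since it contains non-hexadecimal characters such as I, O, P, L, G, H and T)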
- [<HKLM>\Software\Wow6432Node\Microsoft\Active Setup\Installed Components\{206I3566-O172-8104-P2L4-8GFL626HT8T8}] 'StubPath' = 'C:\InstallDir\Server.exe'
- %WINDIR%\syswow64\svchost.exe
- %TEMP%\taskgen.exe
- C:\installdir\server.exe
- C:\installdir\server.exe
- DNS query (ASK): ha#####os008.ddns.net (hostname partially masked with '#' in this listing)
- '%TEMP%\taskgen.exe'
- '%WINDIR%\syswow64\svchost.exe'
- '%ProgramFiles(x86)%\internet explorer\iexplore.exe'