Technical Information
- [HKLM\System\CurrentControlSet\Services\inetsvr] 'Start' = '00000002'
- [HKLM\System\CurrentControlSet\Services\inetsvr] 'ImagePath' = '%ProgramFiles%\Player.exe -K'
- 'inetsvr' %ProgramFiles%\Player.exe -K
- %TEMP%\se6142.tmp
- %ProgramFiles%\player.exe
- %TEMP%\se7454.tmp
- %ProgramFiles%\player.exe
- %TEMP%\se6142.tmp
- %TEMP%\se7454.tmp
- 'tk###.3322.org':8181
- DNS ASK tk###.3322.org
- ClassName: 'TAppBuilder' WindowName: ''
- '%ProgramFiles%\player.exe'
- '%ProgramFiles%\player.exe' ' (with hidden window)
- '%WINDIR%\syswow64\cmd.exe' /c erase /F "<Full path to file>"' (with hidden window)
- '%WINDIR%\syswow64\cmd.exe' /c erase /F "<Full path to file>"