Technical Information
- [<HKLM>\SYSTEM\ControlSet001\Services\1846799] 'Start' = '00000002'
- <SYSTEM32>\svchost.exe -k 1846799
- %WINDIR%\vbcfg.ini
- %PROGRAM_FILES%\MSN\Setup.dll
- %WINDIR%\windows.dat
- %TEMP%\nsg2.tmp
- %TEMP%\Thunder.exe
- <SYSTEM32>\0PKX95.pic
- %TEMP%\Thunder.exe
- %WINDIR%\vbcfg.ini
- %WINDIR%\windows.dat
- 'aa####7900.gicp.net':8800
- DNS ASK aa####7900.gicp.net