Technical Information
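Registry entries under autorun locations (Active Setup and Run keys). The folder and file names "svchort" and "Explorerr.exe" are spelled as reported and resemble the legitimate svchost and Explorer.exe names:
- [<HKLM>\SOFTWARE\Microsoft\Active Setup\Installed Components\{4QJL1JB0-X43N-1OE2-DK26-WIR0IEBJC41Y}] 'StubPath' = '<SYSTEM32>\svchort\Explorerr.exe Restart'
- [<HKCU>\Software\Microsoft\Windows\CurrentVersion\Run] '{4QJL1JB0-X43N-1OE2-DK26-WIR0IEBJC41Y}' = ''
- [<HKLM>\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] '{4QJL1JB0-X43N-1OE2-DK26-WIR0IEBJC41Y}' = ''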
- <SYSTEM32>\svchort\Explorerr.exe
- %WINDIR%\Explorer.EXE
- <SYSTEM32>\svchort\Explorerr.exe
- <SYSTEM32>\svchort\logs.dat
- %TEMP%\Spynet-Server.exe
- %TEMP%\WampServer2.0i.exe
- <SYSTEM32>\svchort\logs.dat
- %TEMP%\Spynet-Server.exe
Remote hosts and ports (host names are partially masked with '#' in this report):
- '??.##caldomain':81
- 'do###690.co.cc':81
- 'du###mbo.co.cc':81
DNS queries (names are partially masked with '#' in this report):
- DNS ASK њ.###ldomain
- DNS ASK do###690.co.cc
- DNS ASK du###mbo.co.cc
- ClassName: 'Indicator' WindowName: ''
- ClassName: 'Shell_TrayWnd' WindowName: ''