Technical Information
- [<HKLM>\SYSTEM\ControlSet001\Services\riodrv32] 'Start' = '00000001'
- <LS_APPDATA>\Microsoft\Windows\netui.dll
- <LS_APPDATA>\Microsoft\Windows\riodrv32.sys
- %ALLUSERSPROFILE%\Application Data\Microsoft\Crypto\DSS\S-1-5-18\6d14e4b1d8ca773bab785d1be032546e_ffcb838e-6d3b-4e44-a259-8ac8f5c94c4f
- <Current directory>\~temp~reg~s
- <Current directory>\~temp~reg~r
- <LS_APPDATA>\Microsoft\Windows\ISUN16.EXE
- <Current directory>\~temp~reg~r
- <Current directory>\~temp~reg~s
- 'fg#####691976.gicp.net':9418
- DNS ASK fg#####691976.gicp.net