Technical Information
- [<HKLM>\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] 'WinDLL (service.exe)' = 'service.exe'
- [<HKLM>\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad] 'SysRun' = '{D7FFD784-5276-42D1-887B-00267870A4C7}'
- [<HKLM>\SYSTEM\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List] '<SYSTEM32>\wininet.exe' = '<SYSTEM32>\wininet.exe:*:Enabled:Windows XP Update'
- %WINDIR%\service.exe
- <SYSTEM32>\winint.exe
- <SYSTEM32>\wininet.exe
- %APPDATA%\Microsoft\Address Book\%USERNAME%.wab
- <SYSTEM32>\svshost.dll