Technical Information
- [<HKLM>\SYSTEM\ControlSet001\Services\SeWin32] 'ImagePath' = 'C:\system16\svwinse32.exe'
- [<HKLM>\SYSTEM\ControlSet001\Services\SeWin32] 'Start' = '00000002'
- 'C:\system16\svwinse32.exe'
- C:\system16\svwinse64.exe
- C:\system16\svwinse32.exe
- 'fi####jungkurth.de':80
- http://fi####jungkurth.de/GmrCww.php
- DNS ASK fi####jungkurth.de