Technical Information
- [<HKLM>\SYSTEM\ControlSet001\Services\ksSharwdAccess] 'Start' = '00000002'
- %WINDIR%\Systom32\svchost.exe
- %WINDIR%\Systom32\Service.exe
- %WINDIR%\Systom32\svchost.exe
- %WINDIR%\Systom32\Service.exe
- 'ba####988.3322.org':9090
- DNS ASK ba####988.3322.org
- '<Private IP address>':1037
- '<Private IP address>':1035