Technical Information
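- [<HKLM>\SYSTEM\ControlSet001\Services\DHZ] 'Start' = '00000002' (service start type 2: the service is started automatically at boot)
- [<HKLM>\SYSTEM\ControlSet001\Services\DHZ] 'ImagePath' = '%ALLUSERSPROFILE%\DHZ\RsTray.exe' (the binary the 'DHZ' service runs; the same path recurs in the entries below)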
- %TEMP%\comserv.dll
- %TEMP%\comserv.dll.url
- %TEMP%\RsTray.exe
- %TEMP%\start.exe
- %ALLUSERSPROFILE%\DHZ\comserv.dll
- %ALLUSERSPROFILE%\DHZ\comserv.dll.url
- %ALLUSERSPROFILE%\DHZ\RsTray.exe
- %ALLUSERSPROFILE%\SxS\bug.log
- %ALLUSERSPROFILE%\DHZ\comserv.dll
- %ALLUSERSPROFILE%\DHZ\comserv.dll.url
- %ALLUSERSPROFILE%\DHZ\RsTray.exe
- <Full path to file>
- %TEMP%\start.exe
- %TEMP%\RsTray.exe
- '10#.#01.120.34':21
- '10#.#01.120.34':443
- '10#.#01.120.34':21
- '10#.#01.120.34':443
- '%TEMP%\start.exe'
- '%TEMP%\RsTray.exe'
- '%ALLUSERSPROFILE%\DHZ\RsTray.exe'
- '<SYSTEM32>\svchost.exe' 201 0
- '<SYSTEM32>\msiexec.exe' 209 2952