Technical Information
- [<HKCU>\Software\Microsoft\Windows\CurrentVersion\Run] '49U5T1N4' = '%WINDIR%\49U5T1N4.exe'
- [<HKCU>\Control Panel\Desktop] 'SCRNSAVE.EXE' = '<SYSTEM32>\COOLLM~1.SCR'
- ecmd.exe
- ClassName: 'ThunderRT6FormDC' WindowName: ''
- ClassName: '**' WindowName: ''
- ClassName: 'Indicator' WindowName: ''