Technical Information
- [<HKLM>\SOFTWARE\Microsoft\Active Setup\Installed Components\{9E4CA169-C2E0-7E58-991F-818E70905685}] 'StubPath' = 'fxsui.exe'
- <SYSTEM32>\reg.exe add hklm\SYSTEM\CurrentControlSet\Services\secdrv /v imagepath /t REG_EXPAND_SZ /d system32\DRIVERS\Secdrv.sys /f
- <SYSTEM32>\reg.exe add hklm\SYSTEM\CurrentControlSet\Services\secdrv /v imagepath /t REG_EXPAND_SZ /d system32\49235.tmp /f
- %WINDIR%\Installer\20ed9e.msi
- <SYSTEM32>\fxsui.exe
- <SYSTEM32>\dllcache\wnfsdp4.dll
- %HOMEPATH%\51790.tmp
- %HOMEPATH%\Cookies\index16.dat
- %HOMEPATH%\Cookies\index16.dat
- <SYSTEM32>\49235.tmp
- '20#.#36.123.83':80