Technical Information
- [<HKLM>\SYSTEM\ControlSet001\Services\Service] 'Start' = '00000002'
- <SYSTEM32>\Server.exe
- <SYSTEM32>\cmd.exe /c <SYSTEM32>\Deleteme.bat
- <SYSTEM32>\wupdmgr.exe
- <SYSTEM32>\Deleteme.bat
- <SYSTEM32>\W_Server.dll
- <SYSTEM32>\Server.exe
- 'hk###.3322.org':3937
- DNS ASK hk###.3322.org
- '<Private IP address>':1037