Technical Information
- [<HKLM>\SYSTEM\ControlSet003\Services\daitdw] 'Start' = '00000002'
- [<HKLM>\SYSTEM\ControlSet002\Services\daitdw] 'Start' = '00000002'
- [<HKLM>\SYSTEM\ControlSet001\Services\daitdw] 'Start' = '00000002'
- <SYSTEM32>\svchost.exe -k daitdw
- <SYSTEM32>\bwused.sco
- <SYSTEM32>\bwused.dll
- <SYSTEM32>\0004ba78.sys
- 'wo#####tar10.3322.org':80
- wo#####tar10.3322.org/151294.jsp
- wo#####tar10.3322.org/132901.jsp
- wo#####tar10.3322.org/107309.jsp
- DNS ASK wo#####tar10.3322.org
- '<Private IP address>':1035