Technical Information
- [<HKLM>\SYSTEM\ControlSet001\Services\I00101046K] 'Start' = '00000002'
- <SYSTEM32>\svchost.exe -k svchost
- <SYSTEM32>\reg.exe add "HKLM\SYSTEM\CurrentControlSet\Services\I00101046K\Parameters" /v ServiceDll /t REG_EXPAND_SZ /d "%PROGRAM_FILES%\UserData.dll" /f
- %PROGRAM_FILES%\UserData.dll
- 'k0####k70.ticp.net':1595
- DNS ASK k0####k70.ticp.net
- '<Private IP address>':1035