Technical Information
- [<HKLM>\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Run] 'HKLM' = '<SYSTEM32>\InstallDir\explore.exe'
- [<HKCU>\Software\Microsoft\Windows\CurrentVersion\Run] 'HKCU' = '<SYSTEM32>\InstallDir\explore.exe'
- [<HKLM>\Software\Wow6432Node\Microsoft\Active Setup\Installed Components\{PD2P6745-0SUE-8QQ6-PQ1K-1TD4F7S47FGU}] 'StubPath' = '<SYSTEM32>\InstallDir\explore.exe restart'
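- [<HKCU>\Software\Microsoft\Windows\CurrentVersion\Run] 'HKCU' = '%ProgramFiles(x86)%\Internet Explorer\iexplore.exe' (same key and value name as the HKCU Run entry listed above, but with different data; the listing does not say which of the two values is written last)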
- %WINDIR%\syswow64\svchost.exe
- iexplore.exe
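- %WINDIR%\syswow64\installdir\explore.exe (the file name is 'explore.exe' as listed, not the Windows 'explorer.exe'; presumably this is the same file as the <SYSTEM32>\InstallDir\explore.exe autorun target above, seen through WOW64 path redirection on 64-bit Windows)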
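- DNS ASK ff.##tes.net (a DNS query for this host name; the '##' characters appear to be masking applied by the publisher, so the full domain is not recoverable from this listing)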
- '%ProgramFiles(x86)%\internet explorer\iexplore.exe'
- '%WINDIR%\syswow64\svchost.exe'