Technical Information
- [<HKLM>\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad] 'DCOM Server 60787' = '{2C1CD3D7-86AC-4068-93BC-A02304B60787}'
- [<HKLM>\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler] '{2C1CD3D7-86AC-4068-93BC-A02304B60787}' = 'DCOM Server 60787'
- <SYSTEM32>\rundll32.exe "<SYSTEM32>\wvhql.dll",run
- <SYSTEM32>\wvhql.dll
- '66.#.199.96':60787