Technical Information
- [<HKCU>\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\] 'NetWire' = '%WINDIR%\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe'
- [<HKLM>\SOFTWARE\Wow6432Node\Microsoft\Active Setup\Installed Components\{D3O0500P-O2L0-VDE6-T156-602Y722X51O6}] 'StubPath' = '"%WINDIR%\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe"'
- %WINDIR%\microsoft.net\framework\v4.0.30319\regsvcs.exe
- %TEMP%\ixp000.tmp\dogk.exe
- %TEMP%\ixp000.tmp\qemzh
- %WINDIR%\microsoft.net\framework\v4.0.30319\.identifier
- %WINDIR%\microsoft.net\framework\v4.0.30319\.identifier
- %TEMP%\ixp000.tmp\qemzh
- %TEMP%\ixp000.tmp\dogk.exe
- DNS ASK ha#####i200.nhlfan.net
- '%TEMP%\ixp000.tmp\dogk.exe' QEMZH
- '%TEMP%\ixp000.tmp\dogk.exe' QEMZH' (with hidden window)
- '%WINDIR%\microsoft.net\framework\v4.0.30319\regsvcs.exe'