Technical Information
- [\REGISTRY\USER\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Run] 'LanguagePack' = '<SYSTEM32>\regsvr32.exe /s "<Full path to file>"'
- [\REGISTRY\USER\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\RunOnce] 'LanguagePack' = '<SYSTEM32>\regsvr32.exe /s "<Full path to file>"'
- <SYSTEM32>\smss.exe
- <Current directory>\prefhist
- <Current directory>\once
- http://google.com/
- http://96.##.128.70/multi/check.php
- DNS ASK google.com