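Technical Information
(Note: the subsection headings of this report are missing here, so the entries below are not labelled by behaviour. They comprise a service registry value, two command lines, file paths under %WINDIR% and <SYSTEM32>, a network endpoint, and two window names. Several paths repeat, presumably because they were originally listed under different headings.)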
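- [<HKLM>\SYSTEM\ControlSet001\Services\Windows Install Programs] 'Start' = '00000002' (a service entry named "Windows Install Programs"; a 'Start' value of 2 marks the service as auto-start, i.e. it is launched at system boot)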
- %WINDIR%\Install.exe
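- <SYSTEM32>\net1.exe stop sharedaccess
- <SYSTEM32>\net.exe stop sharedaccess (stops the SharedAccess service, which provides Windows Firewall / Internet Connection Sharing on older Windows versions; net.exe normally hands the command to net1.exe, so both lines likely reflect one action)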
- %WINDIR%\Explorer.EXE
- %WINDIR%\KernelDLL.DLL
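- %WINDIR%\HookKeyBoard.dll (the file name suggests a keyboard-hook component, i.e. possible keystroke capture; this listing alone does not confirm it)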
- %WINDIR%\Kernel32.dat
- <SYSTEM32>\wbem\Performance\WmiApRpl_new.ini
- %WINDIR%\Install.exe
- %WINDIR%\KernelDLL.DLL
- %WINDIR%\Kernel32.dat
- %WINDIR%\Install.exe
- '<Private IP address>':5858
- ClassName: '' WindowName: 'DebugHelper '
- ClassName: '' WindowName: 'DT '