Technical Information
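- [<HKLM>\System\CurrentControlSet\Services\orofqa] 'Start' = '00000002' (Start value 2 = the service starts automatically at boot)
- [<HKLM>\System\CurrentControlSet\Services\orofqa] 'ImagePath' = '<SYSTEM32>\svchost.exe -k orofqa' (the service is hosted by svchost.exe; -k names the svchost service group, here 'orofqa')
- [<HKLM>\SYSTEM\CurrentControlSet\Services\orofqa\Parameters] 'ServiceDll' = '%CommonProgramFiles(x86)%\Microsoft Shared\orofqa.dll' (the DLL that svchost.exe loads for this service; it is located outside <SYSTEM32>)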
- [<HKLM>\SYSTEM\ControlSet001\Services\orofqa\Parameters] 'ServiceDll' = '%CommonProgramFiles(x86)%\Microsoft Shared\orofqa.dll'
- [<HKLM>\SYSTEM\ControlSet001\Services\orofqa] 'Start' = '00000002'
- [<HKLM>\SYSTEM\ControlSet002\Services\orofqa\Parameters] 'ServiceDll' = '%CommonProgramFiles(x86)%\Microsoft Shared\orofqa.dll'
- [<HKLM>\SYSTEM\ControlSet002\Services\orofqa] 'Start' = '00000002'
- [<HKLM>\SYSTEM\ControlSet003\Services\orofqa\Parameters] 'ServiceDll' = '%CommonProgramFiles(x86)%\Microsoft Shared\orofqa.dll'
- [<HKLM>\SYSTEM\ControlSet003\Services\orofqa] 'Start' = '00000002'
- 'orofqa' <SYSTEM32>\svchost.exe -k orofqa
- %TEMP%\orofqa.dll
- %CommonProgramFiles(x86)%\microsoft shared\orofqa.dll
- %TEMP%\orofqa.dll
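- '10#.#8.42.117':8888 (host:port entry as given in the source; the '#' characters appear to mask digits, so this is not a complete IP address)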
- ClassName: 'MS_WINHELP' WindowName: ''
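- '%WINDIR%\syswow64\svchost.exe' -k orofqa (SysWOW64 holds the 32-bit system binaries on 64-bit Windows, so this is the 32-bit svchost.exe, consistent with the (x86) path of orofqa.dll)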