Technical Information
- [<HKLM>\SYSTEM\ControlSet003\Services\wpeqcq] 'start' = '00000002'
- [<HKLM>\SYSTEM\ControlSet002\Services\wpeqcq] 'start' = '00000002'
- [<HKLM>\SYSTEM\ControlSet001\Services\wpeqcq] 'Start' = '00000002'
- C:\1.exe
- <SYSTEM32>\svchost.exe -k wpeqcq
- <SYSTEM32>\nbpjnx.dll
- <SYSTEM32>\0004fa70.iNi
- C:\1.exe
- C:\1.exe
- '<Private IP address>':8080
- ClassName: 'Shell_TrayWnd' WindowName: ''
- ClassName: 'EDIT' WindowName: ''