Technical Information
- [HKLM\System\CurrentControlSet\Services\examplemore] 'Start' = '00000002'
- [HKLM\System\CurrentControlSet\Services\examplemore] 'ImagePath' = '"%WINDIR%\SysWOW64\examplemore.exe"'
- 'examplemore' "%WINDIR%\SysWOW64\examplemore.exe"
- 'examplemore' %WINDIR%\SysWOW64\examplemore.exe
- %WINDIR%\syswow64\examplemore.exe
- from <Full path to file> to %WINDIR%\syswow64\examplemore.exe
- '79.##9.120.103':8080
- '93.##.93.100':443
- http://93.##.93.100:443/ via 93.##.93.100