Technical Information
- [<HKLM>\SOFTWARE\Microsoft\Active Setup\Installed Components\{2044AB21-25D8-C735-0406-080102020702}] 'StubPATH' = '%WINDIR%\lsass.exe'
- '<SYSTEM32>\ntk.exe'
- %WINDIR%\Explorer.EXE
- %WINDIR%\lsass.exe
- <SYSTEM32>\ntk.exe
- <SYSTEM32>\ntk.exe
- 'ew####cv.008.net':1954
- 'qe####dgj.3322.org':1953
- DNS ASK ew####cv.008.net
- DNS ASK qe####dgj.3322.org