Technical Information
- [<HKLM>\SYSTEM\ControlSet001\Services\msamger] 'Start' = '00000002'
- '<SYSTEM32>\msiexec.exe'
- '<SYSTEM32>\svchost.exe' -k msamger
- <SYSTEM32>\msiexec.exe
- %TEMP%\ms_okd.dll
- from %TEMP%\ms_okd.dll to <SYSTEM32>\SPmsamger.dll
- '17#.#6.0.100':1234