Technical Information
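Registry values (key, value name, data). All three are locations from which Windows loads code automatically: the Run key at logon, the Active Setup StubPath at user logon, and a print provider DLL loaded by the Print Spooler service.
- [<HKLM>\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] 'recovery' = '<SYSTEM32>\schdcplusb.exe'
- [<HKLM>\SOFTWARE\Microsoft\Active Setup\Installed Components\{22d7f312-b0f6-11d2-94ab-0080c33c7e95}] 'StubPath' = 'rundll32.exe <SYSTEM32>\themeuichk.dll,ThemesSetupInstallCheck'
- [<HKLM>\SYSTEM\ControlSet001\Control\Print\Providers\spoolcds] 'Name' = '<SYSTEM32>\spoolcds.dll'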
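- %WINDIR%\Tasks\SA.DAT (a file the Windows Task Scheduler normally maintains; its presence alone is not an indicator)
- <SYSTEM32>\spoolsv.exe (name and location of the legitimate Windows Print Spooler; its presence alone is not an indicator, and this page does not say what the sample does with it)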
- <SYSTEM32>\schdcplusb.exe
- <SYSTEM32>\svcsyssrv.exe
- %TEMP%\c1c6fa27-35c9-4abd-a6f9-74aacfe3826d
- <SYSTEM32>\idsysapi.exe
- <SYSTEM32>\rasctfcpl.ocx
- <SYSTEM32>\iddhcpmgr.exe
- %TEMP%\12de54e9-e20d-4c3a-ac9f-ab9b201f9727
- <SYSTEM32>\wmcpldsp.exe
- <SYSTEM32>\uisysobj.exe
- %TEMP%\cc864220-9099-4b4d-9e55-68dc0d729f05
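- '82.##6.47.163':21 (IP address and port; TCP port 21 is the FTP control port, and the '##' characters appear as in the source, so the full address cannot be recovered from this page)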