Technical Information
- [<HKLM>\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] 'King.exe' = '<SYSTEM32>\serv.exe'
- [<HKLM>\SOFTWARE\Microsoft\Active Setup\Installed Components\{CD7320FE-603A-4609-5E63-0738D8460F16}] 'StubPath' = '<SYSTEM32>\serv.exe'
- %WINDIR%\Explorer.EXE
- Idle
- <SYSTEM32>\serv.exe
- 'mi####213.no-ip.biz':802
- DNS ASK mi####213.no-ip.biz
- ClassName: '' WindowName: 'Network event'