Technical Information
- [<HKLM>\SYSTEM\ControlSet001\Services\SeWin27] 'ImagePath' = 'C:\system16\svwinse27.exe'
- [<HKLM>\SYSTEM\ControlSet001\Services\SeWin27] 'Start' = '00000002'
- 'C:\system16\svwinse27.exe'
- C:\system16\svwinse28.exe
- C:\system16\svwinse27.exe
- 'gr#####adowservices.com':80
- http://gr#####adowservices.com/scripts/swfobject/source/com/deconcept/expressinstall/fkBktj.php
- DNS ASK gr#####adowservices.com