Technical Information
- [<HKLM>\SYSTEM\ControlSet001\Services\clr_optimization_v2.1.434586_32] 'Start' = '00000002'
- [<HKLM>\SYSTEM\ControlSet001\Services\clr_optimization_v2.1.434586_32] 'ImagePath' = '%ALLUSERSPROFILE%\NET\mscorsvw.exe "1908"'
- <SYSTEM32>\msiexec.exe
- <SYSTEM32>\svchost.exe
- iexplore.exe
- %TEMP%\msvcr110.dll
- %TEMP%\msvcr110.dat
- %TEMP%\coInit.exe
- %ALLUSERSPROFILE%\NET\msvcr110.dll
- %ALLUSERSPROFILE%\NET\msvcr110.dat
- %ALLUSERSPROFILE%\NET\mscorsvw.exe
- 'fb.######koffice365online.com':443
- '20#.#1.85.66':8080
- '<LOCALNET>.0.2':0
- DNS ASK fb.######koffice365online.com
- '%TEMP%\coInit.exe' 1904
- '%ALLUSERSPROFILE%\NET\mscorsvw.exe' "1907"
- '%ALLUSERSPROFILE%\NET\mscorsvw.exe' "1908"
- '<SYSTEM32>\msiexec.exe' "1910"
- '<SYSTEM32>\msiexec.exe' "1911"
- '<SYSTEM32>\svchost.exe' "1912" "%ALLUSERSPROFILE%\NET\msvcr110.dat"