Technical Information
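Service registration in the registry (a 'Start' value of 2 marks a service for automatic start at boot; 'ImagePath' is the binary the service runs; note that the service key is named 10400 while the binary is 104000.exe, as listed):
- [<HKLM>\System\CurrentControlSet\Services\10400] 'Start' = '00000002'
- [<HKLM>\System\CurrentControlSet\Services\10400] 'ImagePath' = '%WINDIR%\system\104000.exe'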
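Windows Firewall authorized-application entry (this key holds the programs allowed through the firewall's Standard Profile; the data format is path:scope:state:name, so the entry below allows the binary for any remote address):
- [<HKLM>\SYSTEM\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List] '\' = '%WINDIR%\system\104000.exe:*:Enabled:KL'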
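Registry keys belonging to third-party applications (CuteFTP is an FTP client and The Bat! is a mail client; the listing does not state whether these keys are read or modified, but because such clients can store account settings, credentials saved in them on an affected host should be treated as potentially exposed):
- [<HKCU>\Software\GlobalSCAPE\CuteFTP 6 Professional\QCToolbar]
- [<HKCU>\Software\GlobalSCAPE\CuteFTP 6 Home\QCToolbar]
- [<HKCU>\Software\GlobalSCAPE\CuteFTP 7 Professional\QCToolbar]
- [<HKCU>\Software\GlobalSCAPE\CuteFTP 7 Home\QCToolbar]
- [<HKCU>\Software\GlobalSCAPE\CuteFTP 8 Professional\QCToolbar]
- [<HKCU>\Software\GlobalSCAPE\CuteFTP 8 Home\QCToolbar]
- [<HKCU>\Software\RIT\The Bat!]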
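File system paths (the listing does not state whether each file is created, modified or deleted; the last path is the same binary referenced by the service and firewall entries):
- %WINDIR%\web\result.dark
- %WINDIR%\web\ddid
- %WINDIR%\web\ddnm
- %WINDIR%\web\ddsn
- %WINDIR%\system\104000.exe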
Command lines (presumably processes that are launched; the listing does not label them):
- '%WINDIR%\system\104000.exe' /start
- '%WINDIR%\system\104000.exe'