Technical Information
- [<HKCU>\Software\Microsoft\Windows\CurrentVersion\Run] 'TCEM-MLF' = '"<Full path to file>" mode=server'
- [<HKCU>\Software\Classes\TCEM\shell\open\command] '' = '"<Full path to file>" -- "%1"'
- %LOCALAPPDATA%\microsoft\windows\<INETFILES>\content.ie5\bzjx5bke\104[1]
- %APPDATA%\mozilla\firefox\profiles\gn7ryp3k.default\cert_override.txt
- %APPDATA%\tcemlog\mlf_tcemlog_20201013.log
- http://www.microsoft.com/pki/certs/MicRooCerAut_2010-06-23.crt
- DNS ASK op#####t.twca.com.tw
- DNS ASK microsoft.com
- ClassName: 'MS_AutodialMonitor' WindowName: ''
- ClassName: 'MS_WebCheckMonitor' WindowName: ''