Technical Information
- [<HKLM>\System\CurrentControlSet\Services\WinDevSrv] 'ImagePath' = '"%APPDATA%\UpdateServ\UpdaterService.exe"'
- [<HKLM>\System\CurrentControlSet\Services\WinDevSrv] 'Start' = '00000002'
- 'WinDevSrv' "%APPDATA%\UpdateServ\UpdaterService.exe"
- 'WinDevSrv' %APPDATA%\UpdateServ\UpdaterService.exe
- %APPDATA%\updateserv\updaterservice.exe
- %APPDATA%\updateserv\download.dat
- %ALLUSERSPROFILE%\updatecommon\updaterinfo
- 'tr######.imobitracking.net':80
- http://tr######.imobitracking.net/entry/exe/runinfo?re#####################################################################
- http://tr######.imobitracking.net/info/custom/custom/info.xml
- DNS ASK tr######.imobitracking.net
- '%APPDATA%\updateserv\updaterservice.exe' /service
- '%APPDATA%\updateserv\updaterservice.exe'
- '%APPDATA%\updateserv\updaterservice.exe' /service' (with hidden window)