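Technical Information
The list below carries no section headings. By form, the entries are: registry values and a service entry for 'Logger Service', file paths, one network endpoint (port 9425), window class/name pairs, and process command lines. The list itself does not say which of the files were created, changed or removed.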
- [<HKLM>\System\CurrentControlSet\Services\Logger Service] 'Start' = '00000002' (service start type 2: started automatically at boot)
- [<HKLM>\System\CurrentControlSet\Services\Logger Service] 'ImagePath' = '"%ALLUSERSPROFILE%\Logger\Logger.exe" isdf'
- 'Logger Service' "%ALLUSERSPROFILE%\Logger\Logger.exe" isdf
- %WINDIR%\syswow64\svchost.exe
- %TEMP%\sc.cfg
- %TEMP%\logexts.dat
- %TEMP%\logexts.dll
- %TEMP%\logger.dat
- %TEMP%\logger.exe
- %TEMP%\1131553.doc
- %ALLUSERSPROFILE%\logger\logger.exe
- %ALLUSERSPROFILE%\logger\logger.dat
- %ALLUSERSPROFILE%\logger\logexts.dll
- %ALLUSERSPROFILE%\logger\logexts.dat
- %ALLUSERSPROFILE%\logger\sc.cfg
- %ALLUSERSPROFILE%\logger\ser.dat
- '<LOCALNET>.8.106':9425
- ClassName: '' WindowName: 'Logger (debugger) 3.01'
- ClassName: '$$$UI0Background' WindowName: ''
- '%TEMP%\logger.exe'
- '%ALLUSERSPROFILE%\logger\logger.exe' hiox
- '%ALLUSERSPROFILE%\logger\logger.exe' isdf
- '%ALLUSERSPROFILE%\logger\logger.exe' mdkv
- '%TEMP%\logger.exe' (with hidden window)
- '%ALLUSERSPROFILE%\logger\logger.exe' hiox (with hidden window)
- '%ALLUSERSPROFILE%\logger\logger.exe' mdkv (with hidden window)
- '%ProgramFiles%\microsoft office\office14\winword.exe' /n "%TEMP%\1131553.doc"
- '<SYSTEM32>\ctfmon.exe'
- '%WINDIR%\syswow64\svchost.exe' NetworkService 616
- '<SYSTEM32>\ui0detect.exe'