Technical Information
- [HKLM\System\CurrentControlSet\Services\SearchADSvc] 'Start' = '00000002'
- [HKLM\System\CurrentControlSet\Services\SearchADSvc] 'ImagePath' = '%WINDIR%\ReADService.exe'
- '' %WINDIR%\ReADService.exe
- 'SearchADSvc' %WINDIR%\ReADService.exe
- %WINDIR%\readservice.exe
- DNS ASK a1.####searchcenter.com
- '%WINDIR%\readservice.exe' /install /silent
- '%WINDIR%\readservice.exe'
- '%WINDIR%\syswow64\net.exe' start SearchADSvc
- '%WINDIR%\syswow64\net1.exe' start SearchADSvc
- '%WINDIR%\readservice.exe' /install /silent' (with hidden window)
- '%WINDIR%\syswow64\net.exe' start SearchADSvc' (with hidden window)