Technical Information
- [<HKCU>\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] 'bms_bApp' = '%APPDATA%\Microsoft\securescan.exe'
- %WINDIR%\serviceprofiles\localservice\appdata\roaming\microsoft\upnp device host\upnphost\udhisapi.dll
- %APPDATA%\microsoft\securescan.exe
- %HOMEPATH%\documents\documents\call record and tracking route.mp3
- '19#.#7.152.28':9990
- '23#.#55.255.250':1900
- ClassName: '\MSITPro::EventQueue' WindowName: ''
- ClassName: 'Type32_Main_Window' WindowName: ''
- ClassName: 'WMPlayerApp' WindowName: ''
- '%ProgramFiles%\windows media player\wmplayer.exe' /Play -Embedding