Technical Information
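- Autorun entry (persistence): [<HKCU>\Software\Microsoft\Windows\CurrentVersion\RunOnce] 'Dra' = 'wscript "%HOMEPATH%\TRO\Bes4.vbs"' (a RunOnce value is run at the user's next logon and then deleted by Windows)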
- %WINDIR%\win.ini
- 12_out~1.exe
- bes4.exe
- %TEMP%\ixp000.tmp\12_out~1.exe
- %HOMEPATH%\tro\bes4.exe
- %HOMEPATH%\tro\bes4.vbs
- %TEMP%\ixp000.tmp\12_out~1.exe
- Network endpoint: '37.##.193.217':2404 (the second octet is masked in this report)
- '%TEMP%\ixp000.tmp\12_out~1.exe'
- '%HOMEPATH%\tro\bes4.exe'
- '%TEMP%\ixp000.tmp\12_out~1.exe' (with hidden window)