Technical Information
- [<HKLM>\System\CurrentControlSet\Services\NlsData0047] 'Start' = '00000002'
- [<HKLM>\System\CurrentControlSet\Services\NlsData0047] 'ImagePath' = '"%WINDIR%\SysWOW64\NlsData0047\NlsData0047.exe"'
- from <Full path to file> to %WINDIR%\syswow64\nlsdata0047\nlsdata0047.exe
- '81.##9.202.3':443
- http://81.###.202.3:443/0EANwPHYN6nYGkVcxdI/AgGAUmyPN8foZ1V/ via 81.##9.202.3