Technical Information
- [<HKLM>\System\CurrentControlSet\Services\4baa1] 'ImagePath' = '%TEMP%\4baa1.sys'
- '4baa1' %TEMP%\4baa1.sys
- %TEMP%\e_n60005\krnln.fnr
- %TEMP%\e_n60005\spec.fne
- %TEMP%\e_n60005\mp3.run
- %TEMP%\gdcm.dll
- %TEMP%\4baa1.sys
- %TEMP%\4baa1.sys
- '23.##9.231.44':8088
- '12#.#04.253.161':8088
- http://12#.#04.253.161/get_reg.asp?co############################################################################################################################################################...
- '%WINDIR%\syswow64\regsvr32.exe' %TEMP%\gdcm.dll -s (with hidden window)
- '%WINDIR%\syswow64\regsvr32.exe' %TEMP%\gdcm.dll -s