Technical Information
Service registry entries; each 'ImagePath' points to a .bin file under %TEMP%:
- [HKLM\System\CurrentControlSet\Services\31ad5351c8f] 'ImagePath' = '%TEMP%\31ad5351c8f.bin'
- [HKLM\System\CurrentControlSet\Services\31b645bef15] 'ImagePath' = '%TEMP%\31b645bef15.bin'
- '31ad5351c8f' %TEMP%\31ad5351c8f.bin
- '31b645bef15' %TEMP%\31b645bef15.bin
- %TEMP%\31ad5351c8f.bin
- %TEMP%\31b645bef15.bin
- %WINDIR%\temp\udd8c.tmp
- %TEMP%\31ad5351c8f.bin
- %WINDIR%\temp\udd8c.tmp
- %TEMP%\31b645bef15.bin
- from <Full path to file> to %TEMP%\1115297\....\temporaryfile
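Network indicators (host:port, then HTTP URLs). The '#' characters appear to be masking applied by the publisher, so the address and query strings are incomplete as shown:
- '10#.#63.46.26':9901
- http://10#.#63.46.26/3.0.8/0093.bin?ke###############
- http://10#.#63.46.26/3.0.8/1000.bin?ke###############
- http://10#.#63.46.26/3.0.8/1001.bin?ke###############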