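Technical Information
Note: the category headings that originally grouped the entries below appear to have been lost, so a path that is listed more than once most likely belongs to several different action categories rather than being a duplicate. The '#' characters in the IP addresses and URLs appear to be redaction by the publisher; those values are incomplete and cannot be used as exact-match indicators. The pattern that the entries themselves show is a service whose 'ImagePath' points to a .bin file under %TEMP%.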
- [HKLM\System\CurrentControlSet\Services\2d387a3118a] 'ImagePath' = '%TEMP%\2d387a3118a.bin'
- [HKLM\System\CurrentControlSet\Services\2d4e8c2d63a] 'ImagePath' = '%TEMP%\2d4e8c2d63a.bin'
- '2d387a3118a' %TEMP%\2d387a3118a.bin
- '2d4e8c2d63a' %TEMP%\2d4e8c2d63a.bin
- %TEMP%\2d387a3118a.bin
- %TEMP%\2d4e8c2d63a.bin
- %WINDIR%\temp\udd8287.tmp
- %TEMP%\2d387a3118a.bin
- %WINDIR%\temp\udd8287.tmp
- %TEMP%\2d4e8c2d63a.bin
- <Full path to file>
- from <Full path to file> to %TEMP%\[aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa]
- '12#.#9.192.60':9900
- '12#.#48.65.29':9001
- http://12#.#9.192.60/download/0106.bin?ke###############
- http://12#.#9.192.60/download/1000.bin?ke###############
- http://12#.#9.192.60/download/1001.bin?ke###############
- '12#.#48.65.29':9001