Technical Information
- [<HKLM>\SYSTEM\ControlSet001\Services\XTtJWGOwGeB] 'ImagePath' = '<DRIVERS>\XTtJWGOwGeB.sys'
- %TEMP%\26ebd.tmp
- %TEMP%\2817b.tmp
- %TEMP%\292b3.tmp
- <DRIVERS>\XTtJWGOwGeB.sys
- %TEMP%\26ebd.tmp
- %TEMP%\2817b.tmp
- %TEMP%\292b3.tmp
- <DRIVERS>\XTtJWGOwGeB.sys
- '12#.#25.114.144':80
- http://ba##u.com/ via 12#.#25.114.144
- DNS ASK ba##u.com