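Technical Information
The section labels of the original report are missing from this extract. The entries below are, in order: file paths touched under %TEMP% and %WINDIR%\registration, one file move (the "from … to …" entry), one network endpoint, and the command lines of the processes that were run. The extract does not say which file entries are creations and which are deletions; several paths appear twice, which would be consistent with a file being created and later removed.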
- %TEMP%\8eba.tmp\8ebb.tmp\8ebc.bat
- %TEMP%\microsoft.txt
- %TEMP%\microsoft.dll
- %WINDIR%\registration\{02d4b3f1-fd88-11d1-960d-00805fc79235}.{84aa4fe1-0954-4daa-8842-32a20b619d39}.crmlog
- %TEMP%\microsoft.tlb
- %WINDIR%\registration\_regdbwrt.clb
- %TEMP%\microsoft.txt
- %WINDIR%\registration\{02d4b3f1-fd88-11d1-960d-00805fc79235}.{70c8e9a1-71ac-4642-8c00-42bb5ae4e409}.crmlog
- %TEMP%\microsoft.dll
- %TEMP%\8eba.tmp\8ebb.tmp\8ebc.bat
- %WINDIR%\registration\r000000000004.clb
- from %WINDIR%\registration\_regdbwrt.clb to %WINDIR%\registration\r000000000006.clb
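- '<LOCALNET>.81.129':4444 (network connection to a host on the local network, port 4444; <LOCALNET> appears to be the report's placeholder for the address prefix, and the extract does not state which process opened the connection)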
- '<SYSTEM32>\cmd.exe' /c "%TEMP%\8EBA.tmp\8EBB.tmp\8EBC.bat <Full path to file>" (with hidden window)
- '<SYSTEM32>\cmd.exe' /c "%TEMP%\8EBA.tmp\8EBB.tmp\8EBC.bat <Full path to file>"
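- '<SYSTEM32>\certutil.exe' -decode "%TEMP%\microsoft.txt" "%TEMP%\microsoft.dll"
- '%WINDIR%\microsoft.net\framework\v4.0.30319\regsvcs.exe' %TEMP%\microsoft.dll
  (These two entries form one chain: certutil decodes the text file into a .dll, and the .NET services installer regsvcs.exe is then run on that .dll. Both binaries ship with Windows, so detection is better keyed on the arguments than on the process names: certutil with -decode writing a .dll into %TEMP%, and regsvcs.exe given an assembly path under %TEMP%.)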
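- '<SYSTEM32>\msdtc.exe'
- '<SYSTEM32>\dllhost.exe' /Processid:{02D4B3F1-FD88-11D1-960D-00805FC79235}
  (The GUID passed to dllhost.exe matches the prefix of the .crmlog file names listed above. Together with msdtc.exe and the .clb files under %WINDIR%\registration, this is consistent with Windows COM+ services starting in response to the regsvcs.exe registration rather than with separate payloads; treat these entries as side effects to confirm, not as independent indicators.)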