Technical Information
- [HKLM\System\CurrentControlSet\Services\2f8d8a853f6] 'ImagePath' = '%TEMP%\2f8d8a853f6.bin'
- [HKLM\System\CurrentControlSet\Services\2f96cc1ef8d] 'ImagePath' = '%TEMP%\2f96cc1ef8d.bin'
- '2f8d8a853f6' %TEMP%\2f8d8a853f6.bin
- '2f96cc1ef8d' %TEMP%\2f96cc1ef8d.bin
- %TEMP%\2f8d8a853f6.bin
- %TEMP%\2f96cc1ef8d.bin
- %WINDIR%\temp\uddbe4f.tmp
- %TEMP%\2f8d8a853f6.bin
- %WINDIR%\temp\uddbe4f.tmp
- %TEMP%\2f96cc1ef8d.bin
- '10#.#63.46.26':9901
- http://10#.#63.46.26/3.0.8/0089.bin?ke###############
- http://10#.#63.46.26/3.0.8/1000.bin?ke###############
- http://10#.#63.46.26/3.0.8/1001.bin?ke###############