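Technical Information
The entries below are behavioural indicators from what appears to be an automated analysis report: command lines that were run, file paths, and window class/name lookups. The report's group headings are not present on this page, so the role of each entry (for example, whether a file was created or deleted) is not stated; paths listed twice most likely belong to two different groups rather than being duplicates.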
- '<SYSTEM32>\taskkill.exe' /f /im 4t4t5
- %TEMP%\$inst\2.tmp
- %TEMP%\$inst\temp_0.tmp
- C:\ddd\Hex\DV.exe
- C:\ddd\Hex\install.bat
- C:\ddd\Hex\install.vbs
- C:\ddd\Hex\regedit.reg
- C:\ddd\Hex\rutserv.exe
- C:\ddd\Hex\vp8decoder.dll
- C:\ddd\Hex\vp8encoder.dll
- %TEMP%\Bass.dll
- %TEMP%\BassWma.dll
- %TEMP%\SlideLoader.exe
- %TEMP%\IMG-121F4BAE.tmp
- %TEMP%\IMG-4F167468.tmp
- %TEMP%\IMG-0ABE6A0D.tmp
- %TEMP%\$inst\temp_0.tmp
- %TEMP%\$inst\2.tmp
- %TEMP%\Bass.dll
- %TEMP%\BassWma.dll
- %TEMP%\SlideLoader.exe
- ClassName: 'MS_WINHELP' WindowName: ''
- ClassName: '' WindowName: ''
- '<SYSTEM32>\wscript.exe' "C:\ddd\Hex\install.vbs" -p834784734789789347892898943789787892
- 'C:\ddd\Hex\DV.exe' /start
- '%TEMP%\SlideLoader.exe' /start 65902
- '<SYSTEM32>\cmd.exe' /c ""C:\ddd\Hex\install.bat" "
- '<SYSTEM32>\reg.exe' delete "70t9j" /f