Technical Information
- [<HKLM>\System\CurrentControlSet\Services\NlsData001a] 'Start' = '00000002'
- [<HKLM>\System\CurrentControlSet\Services\NlsData001a] 'ImagePath' = '"%WINDIR%\SysWOW64\NlsData001a\NlsData001a.exe"'
- from <Full path to file> to %WINDIR%\syswow64\nlsdata001a\nlsdata001a.exe
- '18#.#80.84.98':443
- http://18#.##0.84.98:443/a57O4q3IFi/nQqiJI1/0D6v/ via 18#.#80.84.98