Technical Information
- [<HKLM>\System\CurrentControlSet\Services\mfAACEnc] 'Start' = '00000002'
- [<HKLM>\System\CurrentControlSet\Services\mfAACEnc] 'ImagePath' = '"%WINDIR%\SysWOW64\mfAACEnc\mfAACEnc.exe"'
- from <Full path to file> to %WINDIR%\syswow64\mfaacenc\mfaacenc.exe
- '47.##8.241.179':80
- '24.##4.47.87':80
- '80.#6.91.91':8080
- '10#.#36.28.47':8080
- http://10#.##6.28.47:8080/YEJ9b6/TwpLuru0baXEs/26AhboYSZy6XtIoGgho/QtVfWfXWc13OXxE/QTd9zXEQw/ via 10#.#36.28.47