Technical Information
- [<HKCU>\Software\Microsoft\Windows NT\CurrentVersion\Windows] 'Run' = '%LOCALAPPDATA%\Microsoft\OutExp.exe'
- %TEMP%\a
- %TEMP%\tmp
- %TEMP%\tnp
- %TEMP%\a
- from %TEMP%\tmp to %LOCALAPPDATA%\microsoft\outexp.exe
- from %TEMP%\tnp to %LOCALAPPDATA%\microsoft\outllib.dll
- '10#.#9.78.106':80
- '%CommonProgramFiles%\microsoft shared\equation\eqnedt32.exe' -Embedding