Technical Information
- [HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] 'VMware NAT Service' = '%WINDIR%\1416jc5mnycysoarx3\Application FrameHost.exe'
- %WINDIR%\1416jc5mnycysoarx3\application framehost.exe
- %WINDIR%\1416jc5mnycysoarx3\xlbughandler.dll
- 'ba##.top':80
- 'ba##.top':10086
- http://ba##.top/libcef.exe
- http://ba##.top/libcef.dll
- DNS ASK ba##.top
- ClassName: 'CabinetWClass' WindowName: '1416jc5mnycysoarx3'
- ClassName: 'CabinetWClass' WindowName: '%WINDIR%\1416jc5mnycysoarx3\'
- ClassName: 'CabinetWClass' WindowName: '%WINDIR%\1416jc5mnycysoarx3'
- ClassName: '' WindowName: ''
- ClassName: 'DirectUIHWND' WindowName: ''
- '%WINDIR%\1416jc5mnycysoarx3\application framehost.exe'