Technical Information
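- Autorun entry (per-user registry Run key): [<HKCU>\Software\Microsoft\Windows\CurrentVersion\Run] 'MicrosoftWinZip' = '%ALLUSERSPROFILE%\dwm.exe' (the genuine Windows dwm.exe, Desktop Window Manager, is located in %SystemRoot%\System32, so this path is not the system binary)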
- '%ALLUSERSPROFILE%\dwm.exe'
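- %ALLUSERSPROFILE%\ltc.txt (this and the other .txt file names in this list match the http://bu##ler.com/wallet/ URLs listed further down)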
- %ALLUSERSPROFILE%\eth.txt
- %ALLUSERSPROFILE%\zec.txt
- %ALLUSERSPROFILE%\monero.txt
- %ALLUSERSPROFILE%\btc.txt
- %ALLUSERSPROFILE%\dwm.exe
- %ALLUSERSPROFILE%\doge.txt
- %ALLUSERSPROFILE%\dash.txt
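- Network endpoint: 'bu##ler.com':80 (the '##' is not valid in a host name and appears to be masking applied by the publisher of this listing)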
- http://bu##ler.com/wallet/ltc.txt
- http://bu##ler.com/wallet/monero.txt
- http://bu##ler.com/wallet/zec.txt
- http://bu##ler.com/wallet/eth.txt
- http://bu##ler.com/wallet/btc.txt
- http://bu##ler.com/wallet/dash.txt
- http://bu##ler.com/wallet/doge.txt
- DNS query (ASK) for bu##ler.com
- Window: ClassName: 'MS_WINHELP', WindowName: '' (empty)