Technical Information
- [<HKCU>\Software\Microsoft\Windows\CurrentVersion\Run] '6f9cKR0' = '%APPDATA%\T15YN4ja7\SeIF9N9X5.exe %APPDATA%\T15YN4ja7\F22VnJzq0 %APPDATA%\T15YN4ja7\X3hccA7Cm'
- %APPDATA%\T15YN4ja7\vb9PS7QOS.zip
- %APPDATA%\Microsoft\Windows\logsIDHrdw.log
- %APPDATA%\T15YN4ja7\vb9PS7QOS.zip
- '35.#94.88.6':80
- http://35.#94.88.6/Crwenoerlo/spzzui39cafcwhm85.vmp1.png