Technical Information
- [<HKCU>\Software\Microsoft\Windows\CurrentVersion\Run] '0OER1Hp' = '%APPDATA%\52x9QVy7Z\DUhleoHp1.exe %APPDATA%\52x9QVy7Z\y6KWuK3er %APPDATA%\52x9QVy7Z\t83FjtGaM'
- %APPDATA%\52x9QVy7Z\6R6dqh9rG.zip
- %APPDATA%\Microsoft\Windows\DudaDreams.log
- '10#.#27.34.232':80
- http://10#.#27.34.232/a9q88l2w9q.zip