Technical Information
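- [<HKCU>\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] 'UROYYU' = '<LS_APPDATA>\UROYYU\UROYYUTAT.vbs' (per-user Run value: the referenced VBS script is started at each logon of that user, so this is the persistence entry to check during cleanup)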
- <SYSTEM32>\regsvr32.exe
- %TEMP%\wonwonman.exe
- %TEMP%\wonwon.bmp
- %HOMEPATH%\max\wonwon.txt
- %HOMEPATH%\contacts\uroyyutec.exe
- %HOMEPATH%\max\uroyyu.bmp
- <LS_APPDATA>\uroyyu\uroyyusat.bat
- <LS_APPDATA>\uroyyu\uroyyutat.vbs
- %HOMEPATH%\max\wonwon.txt
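- 'ev####aced.ddns.net':1907 (network endpoint given as host:port; the '####' part of the hostname appears to be masked in this listing)
- DNS ASK ev####aced.ddns.net (DNS query for the same hostname; ddns.net is a dynamic-DNS domain, so the resolved address can change and the hostname and port are the more stable indicators)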
- ClassName: 'EDIT' WindowName: ''
- '%TEMP%\wonwonman.exe'
- '<SYSTEM32>\regsvr32.exe'