Technical Information
- [<HKCU>\Software\Microsoft\Windows\CurrentVersion\RunOnce] 'Illusori9' = '%HOMEPATH%\endura\Unwrapp6.vbs'
- unwrapp6.exe
- %HOMEPATH%\endura\unwrapp6.exe
- %HOMEPATH%\endura\unwrapp6.vbs
- http://vd####9wogzzu.info/us3.bin
- DNS ASK vd####9wogzzu.info
- '%HOMEPATH%\endura\unwrapp6.exe'