Technical Information
- [<HKCU>\Software\Microsoft\Windows\CurrentVersion\RunOnce] 'Knibningen5' = '%HOMEPATH%\flawed\FAAREDE.vbs'
- faarede.exe
- %HOMEPATH%\flawed\faarede.exe
- %HOMEPATH%\flawed\faarede.vbs
- %APPDATA%\screenshots\time_20200204_222131.png
- %APPDATA%\onedrive\logs.dat
- '54.##.160.149':24049
- 'sh###.dmca.gripe':443
- DNS ASK sh###.dmca.gripe
- '%HOMEPATH%\flawed\faarede.exe'