Technical Information
- [<HKCU>\Software\Microsoft\Windows\CurrentVersion\RunOnce] 'Startup key' = '%TEMP%\RegistryFiles\RregistryFiles.vbs'
- rregistryfiles.exe
- %TEMP%\registryfiles\rregistryfiles.exe
- %TEMP%\registryfiles\rregistryfiles.vbs
- http://su####ndsound.in/wp-including/Onedrive_bJGolr143.bin
- DNS ASK su####ndsound.in
- DNS ASK xx####.dynamic-dns.net
- '%TEMP%\registryfiles\rregistryfiles.exe'