Technical Information
- [<HKCU>\Software\Microsoft\Windows\CurrentVersion\RunOnce] 'Startup key' = '%TEMP%\subfolder1\filename1.vbs'
- filename1.exe
- %TEMP%\subfolder1\filename1.exe
- %TEMP%\subfolder1\filename1.vbs
- '79.##4.225.103':39777
- 'we#####blessed.ddns.net':39777
- http://35.##3.126.66/PARA_TEzrffGjd104.bin
- DNS ASK we#####blessed.ddns.net
- '%TEMP%\subfolder1\filename1.exe'