Technical Information
- [<HKCU>\Software\Microsoft\Windows\CurrentVersion\RunOnce] 'MSW0RD' = '%TEMP%\MSW0RD\MSW0RD.vbs'
- msw0rd.exe
- %TEMP%\msw0rd\msw0rd.exe
- %TEMP%\msw0rd\msw0rd.vbs
- 'su##.spdns.de':2999
- 'hu#####ne.gleeze.com':2999
- 'hu#####ne.myq-see.com':2999
- 'drive.google.com':443
- 'do#########ocs.googleusercontent.com':443
- DNS ASK drive.google.com
- DNS ASK do#########ocs.googleusercontent.com
- DNS ASK su##.spdns.de
- DNS ASK hu#####ne.gleeze.com
- DNS ASK hu#####ne.myq-see.com
- '%TEMP%\msw0rd\msw0rd.exe'