Technical Information
- [<HKCU>\Software\Microsoft\Windows\CurrentVersion\RunOnce] 'MILJFARL' = '%TEMP%\MAHOGNIM\starbuck.vbs'
- starbuck.exe
- %TEMP%\mahognim\starbuck.exe
- %TEMP%\mahognim\starbuck.vbs
- http://ba###aco.com/waz300_foheKNmxQU184.bin
- DNS ASK ba###aco.com
- '%TEMP%\mahognim\starbuck.exe'