Technical Information
- Autorun persistence (per-user Run key, launched at each logon of that user): [<HKCU>\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] 'runAPI35' = '"%TEMP%\runAPI92.exe"'
- %TEMP%\win29.exe
- %TEMP%\runapi92.exe
- %TEMP%\xx--xx--xx.txt
- %APPDATA%\cglogs.dat
- %TEMP%\xxx.xxx
- %TEMP%\uuu.uuu
- %APPDATA%\cglogs.dat
- %TEMP%\xx--xx--xx.txt
- %TEMP%\uuu.uuu
- %TEMP%\xxx.xxx
- %TEMP%\uuu.uuu
- %TEMP%\xxx.xxx
- DNS query for gr####727.no-ip.org (a no-ip.org dynamic-DNS hostname)
- '%TEMP%\win29.exe'