Technical Information
- [<HKCU>\Software\Microsoft\Windows\CurrentVersion\Run] 'j6RA5cw' = '%APPDATA%\173JLRg7W\lt92mHksH.exe %APPDATA%\173JLRg7W\C30792PFw %APPDATA%\173JLRg7W\JosaV9It6'
- %APPDATA%\Microsoft\Windows\DudaDreams.log
- %APPDATA%\173JLRg7W\p0Y1hmvSJ.zip
- 'es#######ursodemecanicas.net.br':80
- http://es#######ursodemecanicas.net.br/Fejunnueir/ugazetcs9fhwftlbb_z1.zip
- DNS ASK es#######ursodemecanicas.net.br