Technical Information
- [<HKCU>\Software\Microsoft\Windows\CurrentVersion\RunOnce] 'ГЇГЁГ±Гї' = '<Full path to file>'
- %TEMP%\keys.txt
- %TEMP%\run.bat
- <Full path to file>
- DNS ASK ip###ger.org
- '%WINDIR%\syswow64\cmd.exe' /c ""%TEMP%\run.bat" "' (with hidden window)
- '%WINDIR%\syswow64\cmd.exe' /c ""%TEMP%\run.bat" "
- '%WINDIR%\syswow64\chcp.com' 1251
- '%WINDIR%\syswow64\notepad.exe' "%TEMP%\keys.txt"