Technical Information
- [<HKCU>\Software\Microsoft\Windows\CurrentVersion\RunOnce] 'narret' = '%HOMEPATH%\STYREF\Datoform4.vbs'
- datoform4.exe
- %HOMEPATH%\styref\datoform4.exe
- %HOMEPATH%\styref\datoform4.vbs
- http://vd####9wogzzu.info/us10.bin
- DNS ASK vd####9wogzzu.info
- '%HOMEPATH%\styref\datoform4.exe'