Technical Information
- [<HKCU>\Software\Microsoft\Windows\CurrentVersion\Run] 'ADE0A00A734281263175' = '%APPDATA%\6ADE0A00A734281263175\6ADE0A00A734281263175.exe'
- [<HKCU>\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3] '2500' = '00000003'
- %TEMP%\6ade0a00a734281263175
- %APPDATA%\6ade0a00a734281263175\6ade0a00a734281263175.exe
- http://nu##.com/client.php?6A###################
- DNS ASK nu##.com
- '%APPDATA%\6ade0a00a734281263175\6ade0a00a734281263175.exe'