Technical Information
- %APPDATA%\microsoft\windows\start menu\programs\startup\bit931a.tmp
- %WINDIR%\syswow64\wermgr.exe
- %TEMP%\liebert.bmp
- %WINDIR%\syswow64\.ighijklio
- %APPDATA%\microsoft\windows\start menu\programs\startup\bit931a.tmp
- %WINDIR%\syswow64\.ighijklio
- 'ne####e.ddns.net':6881
- DNS ASK ne####e.ddns.net
- '%WINDIR%\syswow64\wermgr.exe'