Technical Information
- [<HKCU>\Software\Microsoft\Windows\CurrentVersion\RunOnce] 'camoufl' = '%HOMEPATH%\adverbi\ugern.vbs'
- ugern.exe
- %HOMEPATH%\adverbi\ugern.exe
- %HOMEPATH%\adverbi\ugern.vbs
- 'ew#####kuncjo90.club':80
- 'ew#####kuncJO90.club':5762
- 'Pg####YXVZeNNam.xyz':5762
- http://ew#####kuncJO90.club/shop.html
- DNS ASK ew#####kuncjo90.club
- DNS ASK pM####hhkiN98Px.xyz
- DNS ASK US####8wEMlUtX5.xyz
- DNS ASK Pg####YXVZeNNam.xyz
- DNS ASK CE#####ssLv2NiM.club
- DNS ASK BC#####93Z3HPLQ.club
- DNS ASK LP#####PvNSq11I.club
- DNS ASK xz#####NlSjjchr.club
- DNS ASK Se####60L2OxZNM.xyz
- DNS ASK u4####lplzi5hdx.ru
- DNS ASK yg####vamv6sw0n.ru
- DNS ASK 6a####0v4x0o7z8.ru
- DNS ASK j3####496fukmhj.ru
- DNS ASK zy#####6go3izsb.club
- DNS ASK g8#####do670ly5.club
- DNS ASK j3####kvzinaqax.xyz
- DNS ASK 2y####pnl01jyr7.xyz
- DNS ASK nx####4nnhx4j8u.ru
- DNS ASK GW####iG58DCq6F.xyz
- '%HOMEPATH%\adverbi\ugern.exe'