Technical Information
- [<HKCU>\Software\Microsoft\Windows\CurrentVersion\RunOnce] 'Klokkere9' = '%HOMEPATH%\Phantasmality6\BRYGVANDET.vbs'
- %WINDIR%\syswow64\cmd.exe
- brygvandet.scr
- %HOMEPATH%\phantasmality6\brygvandet.scr
- %HOMEPATH%\phantasmality6\brygvandet.vbs
- '19#.5.97.49':1759
- http://ha#####tgumivetel.hu/ok_encrypted_E1A3B2F.bin
- DNS ASK ha#####tgumivetel.hu
- '%HOMEPATH%\phantasmality6\brygvandet.scr' /S
- '%WINDIR%\syswow64\cmd.exe'