Technical Information
- [<HKCU>\Software\Microsoft\Windows\CurrentVersion\RunOnce] 'balanu' = '%HOMEPATH%\PNEUMATO\Bystrrels7.vbs'
- bystrrels7.exe
- %HOMEPATH%\pneumato\bystrrels7.exe
- %HOMEPATH%\pneumato\bystrrels7.vbs
- 'em#####ion2020.ddns.net':3800
- 'on####ve.live.com':443
- 'rq####.#n.files.1drv.com':443
- DNS ASK on####ve.live.com
- DNS ASK rq####.#n.files.1drv.com
- DNS ASK em#####ion2020.ddns.net
- '%HOMEPATH%\pneumato\bystrrels7.exe'