Technical Information
- [<HKCU>\Software\Microsoft\Windows\CurrentVersion\RunOnce] 'aabningsm' = '%HOMEPATH%\creirgistreac\piezoch.vbs'
- piezoch.exe
- %HOMEPATH%\creirgistreac\piezoch.exe
- %HOMEPATH%\creirgistreac\piezoch.vbs
- '87.##1.92.171':6698
- 'yu######hgrf.duckdns.org':2404
- http://www.ar####astudios.us/remcos_agent_encrypted_598F560.bin
- DNS ASK ar####astudios.us
- DNS ASK yu######hgrf.duckdns.org
- '%HOMEPATH%\creirgistreac\piezoch.exe'