Technical Information
- [<HKCU>\Software\Microsoft\Windows\CurrentVersion\RunOnce] 'DELB' = '%TEMP%\Affedni\UNWIP.vbs'
- [<HKCU>\Software\Microsoft\Windows\CurrentVersion\RunOnce] 'billedt' = '%HOMEPATH%\Lecitha8\Strukturer9.exe'
- %WINDIR%\microsoft.net\framework\v4.0.30319\regasm.exe
- unwip.exe
- %WINDIR%\microsoft.net\framework\v4.0.30319\regasm.exe
- %TEMP%\winrec32.exe
- %TEMP%\affedni\unwip.exe
- %TEMP%\affedni\unwip.vbs
- %HOMEPATH%\lecitha8\strukturer9.exe
- http://b.#ink/projectfriendzkl
- http://pr###rrty.co/files/friendz@customer.exe
- DNS ASK b.#ink
- DNS ASK pr###rrty.co
- DNS ASK drive.google.com
- '%TEMP%\winrec32.exe'
- '%TEMP%\affedni\unwip.exe'
- '%WINDIR%\microsoft.net\framework\v4.0.30319\regasm.exe' (with hidden window)
- '%WINDIR%\microsoft.net\framework\v4.0.30319\regasm.exe'