Technical Information
- [<HKCU>\Software\Microsoft\Windows\CurrentVersion\RunOnce] 'uvila' = '%PROGRAMDATA%\Iilvrw\uvila.url'
- %WINDIR%\microsoft.net\framework\v4.0.30319\regasm.exe
- %PROGRAMDATA%\iilvrw\oetapo.exe
- %PROGRAMDATA%\iilvrw\uvila.url
- %PROGRAMDATA%\iilvrw\oetapo.exe
- 'ca#####ksa.no-ip.biz':4000
- 'ja####6a.no-ip.biz':3000
- 'ja####6a.no-ip.biz':4000
- DNS ASK ca#####ksa.no-ip.biz
- DNS ASK ja####6a.no-ip.biz
- '%PROGRAMDATA%\iilvrw\oetapo.exe'
- '%WINDIR%\microsoft.net\framework\v4.0.30319\regasm.exe'