Technical Information
- [<HKCU>\Software\Microsoft\Windows\CurrentVersion\RunOnce] 'Palmehytt' = '%TEMP%\Renha\tilfldekabine.vbs'
- tilfldekabine.exe
- %TEMP%\renha\tilfldekabine.exe
- %TEMP%\renha\tilfldekabine.vbs
- http://ba###aco.com/build_VSJicTAg206.bin
- DNS ASK ba###aco.com
- '%TEMP%\renha\tilfldekabine.exe'