Technical Information
- [<HKCU>\Software\Microsoft\Windows\CurrentVersion\Run] 'roseannasdeapp' = '%TEMP%\Embossingsheeneyflooz\HANDELSHJSKO.exe'
- '' (downloaded from the Internet)
- '%APPDATA%\vbc.exe'
- ieinstal.exe
- %APPDATA%\vbc.exe
- %TEMP%\embossingsheeneyflooz\handelshjsko.exe
- %APPDATA%\logerfuf.dat
- 'se####.#lzbanif3abused.xyz':4229
- 'dd##.#ivethings.xyz':4229
- http://ws############anrightjusticeorganizatin.duckdns.org/scmdoc/win32.exe
- http://gb####health.org/main/new_IKWPviGP254.bin
- DNS ASK ws############anrightjusticeorganizatin.duckdns.org
- DNS ASK gb####health.org
- DNS ASK ne####.duckdns.org
- DNS ASK se####.#lzbanif3abused.xyz
- DNS ASK dd##.#ivethings.xyz
- '%CommonProgramFiles%\microsoft shared\equation\eqnedt32.exe' -Embedding
- '%ProgramFiles(x86)%\internet explorer\ieinstal.exe'