Technical Information
- <SYSTEM32>\tasks\firefox default browser agent de1bce2454ddb565
- %APPDATA%\jearrrv
- %TEMP%\8ec7.bat
- %APPDATA%\jearrrv
- 'tr####inmyus.com':80
- 'sd##huz.com':80
- 'm2###.ulm.ac.id':80
- http://sd##huz.com/dl/buildz.exe
- http://m2###.ulm.ac.id/osminogs.exe
- http://tr####inmyus.com/index.php
- DNS ASK tr####inmyus.com
- DNS ASK sd##huz.com
- DNS ASK ru##hub.xyz
- DNS ASK m2###.ulm.ac.id
- '<SYSTEM32>\cmd.exe' /c ""%TEMP%\8EC7.bat" "' (with hidden window)
- '<SYSTEM32>\cmd.exe' /c ""%TEMP%\8EC7.bat" "
- '<SYSTEM32>\reg.exe' add "HKEY_CURRENT_USER\Software\clicker\key" /v primary /t REG_DWORD /d 1