Technical Information
- [<HKCU>\Software\Microsoft\Windows\CurrentVersion\RunOnce] 'INDLEVERI' = '%HOMEPATH%\UNFORK\SPANGHEWP.vbs'
- spanghewp.exe
- %HOMEPATH%\unfork\spanghewp.exe
- %HOMEPATH%\unfork\spanghewp.vbs
- http://vd####9wogzzu.info/us4.bin
- DNS ASK vd####9wogzzu.info
- '%HOMEPATH%\unfork\spanghewp.exe'