Technical Information
- [<HKCU>\Software\Microsoft\Windows\CurrentVersion\RunOnce] 'Iorera' = '%APPDATA%\umomiz\Iorera.url'
- oefnuz.exe
- %APPDATA%\umomiz\oefnuz.exe
- %APPDATA%\umomiz\iorera.url
- %APPDATA%\logs\02-19-2020
- http://ip##pi.com/json/
- DNS ASK google.com
- DNS ASK ip##pi.com
- DNS ASK mc####tts.ddns.net
- '%APPDATA%\umomiz\oefnuz.exe'