Technical Information
- [<HKCU>\Software\Microsoft\Windows\CurrentVersion\RunOnce] 'Run' = '%TEMP%\tiltr\Trypsi1.vbs'
- trypsi1.exe
- %TEMP%\tiltr\trypsi1.exe
- %TEMP%\tiltr\trypsi1.vbs
- 'pl#####.nsupdate.info':8881
- 'pl####r.duckdns.org':6363
- http://un#####securetrade.com/file/p%20payload_PleMaIR0.bin
- DNS ASK un#####securetrade.com
- DNS ASK pl#####.nsupdate.info
- DNS ASK pl####r.duckdns.org
- '%TEMP%\tiltr\trypsi1.exe'