Technical Information
- [<HKCU>\Software\Microsoft\Windows\CurrentVersion\Run] 'phos' = '%TEMP%\UNGDOMMELI\RADIOLOGI.exe'
- ieinstal.exe
- %TEMP%\ungdommeli\radiologi.exe
- %APPDATA%\lobvgs.dat
- %APPDATA%\lobvgs.dat
- http://5.###.224.240/private/spread1_GEzHcYGH82.bin
- DNS ASK se####.#lzbanif3abused.xyz
- DNS ASK re###.ddns.net
- DNS ASK ne####.duckdns.org
- '%ProgramFiles(x86)%\internet explorer\ieinstal.exe'