Technical Information
- [<HKCU>\Software\Microsoft\Windows\CurrentVersion\Run] 'Burkged' = '%TEMP%\MANGEDO\bankerot.exe'
- ieinstal.exe
- %TEMP%\mangedo\bankerot.exe
- %APPDATA%\cosp\dos.dt
- http://11###334.xyz/new1_Ldyshrrcv95.bin
- DNS ASK 11###334.xyz
- DNS ASK bo##.#wsmppl.com
- '%ProgramFiles(x86)%\internet explorer\ieinstal.exe'