Technical Information
- '%TEMP%\1fs64vhy6.exe'
- %TEMP%\1fs64vhy6.exe
- '3.###.180.119':16401
- http://www.as####kasounds.com/upfiles/up_down/aba804819f063b17e2c0403eafda1151.rar
- DNS ASK as####kasounds.com
- '<SYSTEM32>\reg.exe' add "HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run" /V "StartAPI" /t REG_SZ /F /D "%LOCALAPPDATA%\Temp\1fs64vhy6.exe"