Technical Information
- [<HKLM>\SYSTEM\ControlSet001\Services\DirectX jrq] 'ImagePath' = '%WINDIR%\Autoexec.exe'
- [<HKLM>\SYSTEM\ControlSet001\Services\DirectX jrq] 'Start' = '00000002'
- '<SYSTEM32>\wscript.exe' "C:\160.vbs"
- C:\160.vbs
- C:\160.vbs
- from <Full path to file> to %WINDIR%\Autoexec.exe
- '45.##.198.147':7412
- 'd2.##ckxk.com':7412
- DNS ASK d2.##ckxk.com