Technical Information
- [<HKCU>\Software\Microsoft\Windows\CurrentVersion\Run] 'Canevos' = '%HOMEPATH%\Canevo\canevox.vbs -BN'
- canevox.exe
- %HOMEPATH%\canevo\canevox.exe
- %HOMEPATH%\canevo\canevox.vbs
- http://www.ip####keronline.com/
- DNS ASK tm##mm.xyz
- DNS ASK ip####keronline.com
- '%WINDIR%\syswow64\wscript.exe' "%HOMEPATH%\Canevo\canevox.vbs"
- '%HOMEPATH%\canevo\canevox.exe'
- '%WINDIR%\syswow64\wscript.exe' "%HOMEPATH%\Canevo\canevox.vbs"' (with hidden window)
- '%HOMEPATH%\canevo\canevox.exe' ' (with hidden window)