Technical Information
- [<HKCU>\Software\Microsoft\Windows\CurrentVersion\Run] 'Conuser' = '%HOMEPATH%\Couser\conuxes.vbs -BN' (per-user autorun entry; the value is launched each time this user logs on)
- conuxes.exe
- %HOMEPATH%\couser\conuxes.exe
- %HOMEPATH%\couser\conuxes.vbs
- 'tm##mm.xyz':1706
- DNS ASK tm##mm.xyz
- '%WINDIR%\syswow64\wscript.exe' "%HOMEPATH%\Couser\conuxes.vbs"
- '%HOMEPATH%\couser\conuxes.exe'
- '%WINDIR%\syswow64\wscript.exe' "%HOMEPATH%\Couser\conuxes.vbs" (with hidden window)
- '%HOMEPATH%\couser\conuxes.exe' (with hidden window)