Technical Information
- [<HKCU>\Software\Microsoft\Windows\CurrentVersion\RunOnce] 'Tankerk4' = '%HOMEPATH%\Masoned7\Rookle2.vbs'
- rookle2.exe
- %HOMEPATH%\masoned7\rookle2.exe
- %HOMEPATH%\masoned7\rookle2.vbs
- 'vd####9wogzzu.info':4405
- 'xv#####1skbs0bo.info':4405
- http://vd####9wogzzu.info/us9.bin
- DNS ASK vd####9wogzzu.info
- DNS ASK xv#####1skbs0bo.info
- DNS ASK jq####y7489jkmb.ru
- DNS ASK ct####n17qjpwv4.ru
- DNS ASK wv#####jspasvvi.info
- DNS ASK 5b####9ipmxb0qq.ru
- DNS ASK n8#####2bkdpfd7.info
- '%HOMEPATH%\masoned7\rookle2.exe'