Technical Information
- [<HKCU>\Software\Microsoft\Windows\CurrentVersion\Run] 'jusyysh' = 'C:\Protec\jbl2.exe'
- 'C:\protec\jbl2.exe'
- C:\protec\lkasjhfjkajflk.zip
- C:\protec\jbl2.exe
- C:\protec\lkasjhfjkajflk.zip
- http://14#.##.210.206:5637/parcial01.txt via 14#.#1.210.206
- http://14#.##.210.206:5637/jbl23.Yzip via 14#.#1.210.206
- DNS ASK jb#####3b8zo.hopto.org
- '<SYSTEM32>\wscript.exe' "<PATH_SAMPLE>.vbs" /elevate