Technical Information
- %APPDATA%\microsoft\windows\start menu\programs\startup\prolog.lnk
- %APPDATA%\microsoft\windows\templates\prolog.vbs
- %APPDATA%\prcreator.vbs
- /ReportError via co#.##onshinet.com
- DNS ASK co#.##onshinet.com
- '%WINDIR%\syswow64\wscript.exe' %APPDATA%\Microsoft\Windows\Templates\Prolog.vbs
- '%WINDIR%\syswow64\wscript.exe' %APPDATA%\PrCreator.vbs
- '%WINDIR%\syswow64\wscript.exe' %APPDATA%\Microsoft\Windows\Templates\Prolog.vbs' (with hidden window)
- '%WINDIR%\syswow64\wscript.exe' %APPDATA%\PrCreator.vbs' (with hidden window)