Technical Information
- [<HKCU>\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] 'Fwecwhf' = 'C:\Users\Public\Libraries\fhwcewF.url'
- %WINDIR%\explorer.exe
- %WINDIR%\syswow64\autochk.exe
- C:\users\public\libraries\fwecwhf\fwecwhf.exe
- C:\users\public\libraries\fhwcewf.url
- '%WINDIR%\syswow64\mshta.exe'
- '%WINDIR%\syswow64\wscript.exe'
- '%WINDIR%\syswow64\cmd.exe' del "%WINDIR%\SysWOW64\mshta.exe"