Technical Information
- [<HKCU>\Software\Microsoft\Windows\CurrentVersion\Run] 'QTI627R350' = '"<PATH_SAMPLE>.js"'
- [<HKCU>\Software\Microsoft\Windows\CurrentVersion\Run] 'SEJOKAOI5S' = '"%APPDATA%\FQtKmJWcuO.js"'
- %APPDATA%\microsoft\windows\start menu\programs\startup\<File name>.js
- %APPDATA%\microsoft\windows\start menu\programs\startup\fqtkmjwcuo.js
- %APPDATA%\fqtkmjwcuo.js
- '19#.#6.29.150':5555
- 'ja####inns.duia.ro':62104
- http://19#.##.29.150:5555/Vre via 19#.#6.29.150
- DNS ASK ja####inns.duia.ro
- '<SYSTEM32>\wscript.exe' //B "%APPDATA%\FQtKmJWcuO.js"