Technical Information
- %APPDATA%\microsoft\windows\start menu\programs\startup\hnqazclrmy.js
- %APPDATA%\hnqazclrmy.js
- 'ot####zensen.com':80
- 'ma####597.duia.ro':8159
- http://ot####zensen.com/gg.exe
- DNS ASK ot####zensen.com
- DNS ASK ma####597.duia.ro
- '<SYSTEM32>\wscript.exe' //B "%APPDATA%\HnQAZClRMy.js"