Technical Information
- [HKCU\Software\Classes\mscfile\shell\open\command] '' = '"<SYSTEM32>\wscript.exe" "<PATH_SAMPLE>.js" vrjomhc'
- %HOMEPATH%\documents\00392918500000285946
- 'yi##gu.com':80
- 'x7##.com':80
- http://x7##.com/update.php
- DNS ASK ya####iviere.com
- DNS ASK yi##gu.com
- DNS ASK x7##.com
- '<SYSTEM32>\eventvwr.exe' (with hidden window)
- '<SYSTEM32>\wscript.exe' "<PATH_SAMPLE>.js" vrjomhc (with hidden window)
- '<SYSTEM32>\eventvwr.exe'
- '<SYSTEM32>\wscript.exe' "<PATH_SAMPLE>.js" vrjomhc