Technical Information
- [<HKCU>\Software\Microsoft\Windows\CurrentVersion\Run] 'Concept' = '%TEMP%\%USERNAME%\%USERNAME%.vbs'
- '<SYSTEM32>\wscript.exe' "%TEMP%\%USERNAME%\sistema.vbs"
- %TEMP%\%USERNAME%\Ionic.Zip.Reduced.dll
- %TEMP%\%USERNAME%\%USERNAME%.vbs
- %TEMP%\%USERNAME%\sistema.vbs
- %TEMP%\%USERNAME%\sistema.vbs
- 'www.85##ts.com':80
- http://www.85##ts.com/nionnum.png
- DNS ASK www.85##ts.com
- ClassName: 'Shell_TrayWnd' WindowName: ''