Technical Information
- [<HKCU>\Software\Microsoft\Windows\CurrentVersion\Run] 'Network' = '"%ALLUSERSPROFILE%\%USERNAME%\%USERNAME%.vbs"'
- %TEMP%\concept.vbs
- %ALLUSERSPROFILE%\%USERNAME%\ion.dll
- %ALLUSERSPROFILE%\%USERNAME%\%USERNAME%.vbs
- %TEMP%\concept.vbs
- 'se####um.sytes.net':80
- http://se####um.sytes.net/ren_i.png
- DNS ASK se####um.sytes.net
- '<SYSTEM32>\wscript.exe' "%TEMP%\concept.vbs"