Technical Information
- [<HKCU>\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] 'Microsoft.JScript' = '"%TEMP%\mscorld.exe"'
- %TEMP%\[inject-into].exe
- from <Full path to file> to %TEMP%\mscorld.exe
- http://be##z.com/IP.php
- DNS ASK be##z.com
- DNS ASK rw####h.no-ip.org
- '%WINDIR%\microsoft.net\framework64\v2.0.50727\dw20.exe' -x -s 608