Technical Information
- %TEMP%\rarsfx0\winsys.vbs
- http://cw.##xmyrep.co/
- http://li##z.it/s/8Lu/cw
- DNS ASK cw.##xmyrep.co
- DNS ASK li##z.it
- DNS ASK ad###kmedia.com
- DNS ASK microsoft.com
- DNS ASK t.###itgo.com
- ClassName: 'EDIT' WindowName: ''
- ClassName: 'DDEMLMom' WindowName: ''
- ClassName: 'IEFrame' WindowName: ''
- ClassName: 'Static' WindowName: ''
- ClassName: 'MS_AutodialMonitor' WindowName: ''
- ClassName: 'MS_WebCheckMonitor' WindowName: ''
- '%WINDIR%\syswow64\wscript.exe' "%TEMP%\RarSFX0\winsys.vbs"