Technical Information
- [<HKLM>\System\CurrentControlSet\Services\Eveny System] 'Start' = '00000002'
- [<HKLM>\System\CurrentControlSet\Services\Eveny System] 'ImagePath' = '<SYSTEM32>\SB360.exe'
- 'Eveny System' <SYSTEM32>\SB360.exe
- Handler for all processes: %TEMP%\ukb68D0.tmp
- Handler for all processes: %WINDIR%\TEMP\skb6AB4.tmp
- %TEMP%\ukb68d0.tmp
- %WINDIR%\temp\skb6ab4.tmp
- C:\4704.vbs
- C:\4704.vbs
- from <Full path to file> to %WINDIR%\syswow64\sb360.exe
- '58.##2.204.200':5869
- '<LOCALNET>.201.129':2345
- DNS ASK ha####j.f3322.org
- '%WINDIR%\syswow64\wscript.exe' "C:\4704.vbs"
- '%WINDIR%\syswow64\wscript.exe' "C:\4704.vbs" (with hidden window)