Technical Information
- %TEMP%\javadeployreg.log
- from <PATH_SAMPLE>.vbs to C:\users\appdata\roaming\microsoft\windows\start menu\programs\startup\<File name>.vbs
- 'mc####eytighe.com':80
- http://mc####eytighe.com/newmon/attack.txt
- DNS ASK mc####eytighe.com
- ClassName: 'Static' WindowName: ''
- ClassName: 'MS_AutodialMonitor' WindowName: ''
- ClassName: 'MS_WebCheckMonitor' WindowName: ''
- '<SYSTEM32>\windowspowershell\v1.0\powershell.exe' HTTP 404 Not Found The webpage cannot be found HTTP 404 Most likely causes: There might be a typing error in the address. If you clicked on a link, it may be out of date. What you ...' (with hidden window)
- '<SYSTEM32>\windowspowershell\v1.0\powershell.exe' Move-item '<PATH_SAMPLE>.vbs' -Destination 'C:\Users\\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\<File name>.vbs'' (with hidden window)
- '%ProgramFiles%\internet explorer\iexplore.exe' -Embedding
- '<SYSTEM32>\windowspowershell\v1.0\powershell.exe' HTTP 404 Not Found The webpage cannot be found HTTP 404 Most likely causes: There might be a typing error in the address. If you clicked on a link, it may be out of date. What you ...
- '<SYSTEM32>\windowspowershell\v1.0\powershell.exe' Move-item '<PATH_SAMPLE>.vbs' -Destination 'C:\Users\\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\<File name>.vbs'