Technical Information
- [HKCU\Software\Classes\mscfile\shell\open\command] '' = '"<SYSTEM32>\wscript.exe" "<PATH_SAMPLE>.js" lvwlhjpfx'
- %HOMEPATH%\documents\00392918500000285946
- 'xn######b1iek5buz9fud6d.com':80
- 'ya#####arrisalah.com':80
- http://ya#####arrisalah.com/update.php
- DNS ASK xn######b1iek5buz9fud6d.com
- DNS ASK ya#####arrisalah.com
- DNS ASK xn#######cl9bozs5c2a3duere.com
- '<SYSTEM32>\eventvwr.exe' (with hidden window)
- '<SYSTEM32>\wscript.exe' "<PATH_SAMPLE>.js" lvwlhjpfx (with hidden window)
- '<SYSTEM32>\eventvwr.exe'
- '<SYSTEM32>\wscript.exe' "<PATH_SAMPLE>.js" lvwlhjpfx