Technical Information
- [<HKLM>\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] 'Microsoft Windows Media' = '%HOMEPATH%\Templates\ScnCfg.exe'
- %HOMEPATH%\Start Menu\Chrome.lnk
- %HOMEPATH%\Templates\vsodscpl.dll
- %HOMEPATH%\Templates\ScnCfg.exe
- <Current directory>\edgAF70.tmp
- %HOMEPATH%\Start Menu\Chrome.lnk
- from <Full path to file> to <Current directory>\edgAF70.tmp
- 'co##.#odexoa.com':80
- 'co##.#odexoa.com':8001
- http://co##.#odexoa.com/7B6A2B7C736D76337F676011000101047000C309000000010000374236413242374337333644373633330043524E4A455546550000000000000000000000000000000000000000000057696E58502053703220783...
- DNS ASK co##.#odexoa.com
- '%HOMEPATH%\Templates\ScnCfg.exe'