Technical Information
- [<HKCU>\Software\Microsoft\Windows\CurrentVersion\Run] 'Miсrоsоft ® Windоws Bаsеd Script Hоst' = '"%APPDATA%\Scripts\wscript.exe"'
- %APPDATA%\Scripts\wscript.exe
- <Full path to file>
- 'ja#####jj3h22.org.in':80
- 'ap#.#pify.org':443
- 'wp#d':80
- http://11#.#11.111.1/wpad.dat via wp#d
- http://ja#####jj3h22.org.in/rhn24g24/gate.php
- DNS ASK ja#####jj3h22.org.in
- DNS ASK ap#.#pify.org
- DNS ASK wp#d
- '%APPDATA%\Scripts\wscript.exe' (2del[<Full path to file>])
- '<SYSTEM32>\cmd.exe' /c choice /c y /n /d y /t 5 & del %APPDATA%\Scripts\wscript.exe