Technical Information
- [<HKLM>\SOFTWARE\Classes\VBEFile\Shell\Open\Command] '' = '<SYSTEM32>\WScript.exe "%1" %*'
- %TEMP%\aut1.tmp
- %TEMP%\~vyytrti.vbe
- <SYSTEM32>\<File name>.vbe
- <SYSTEM32>\<File name>.vbe
- %TEMP%\aut1.tmp
- <SYSTEM32>\<File name>.vbe
- %TEMP%\~vyytrti.vbe
- 'localhost':1037
- 'di###ngil.info':80
- http://di###ngil.info/?tg##############################
- DNS ASK di###ngil.info
- '%TEMP%\~vyytrti.vbe' "<SYSTEM32>\<File name>.vbe"