Technical Information
- [<HKCU>\Software\Microsoft\Windows\CurrentVersion\Run] '11' = '%HOMEPATH%\subfolder\11.vbs -TT'
- %WINDIR%\explorer.exe
- 11.scr
- %HOMEPATH%\subfolder\11.scr
- %HOMEPATH%\subfolder\11.vbs
- DNS ASK my####rnalip.com
- DNS ASK ap#.#pify.org
- '<SYSTEM32>\wscript.exe' "%HOMEPATH%\subfolder\11.vbs"
- '%HOMEPATH%\subfolder\11.scr' /S
- '<SYSTEM32>\wscript.exe' "%HOMEPATH%\subfolder\11.vbs"' (with hidden window)
- '%HOMEPATH%\subfolder\11.scr' /S' (with hidden window)
- '%WINDIR%\explorer.exe'