Technical Information
- [<HKCU>\Software\Classes\VKDJFile\shell\open\command] '' = '"<Full path to file>" "%l"'
- <SYSTEM32>\tasks\vkdj
- %APPDATA%\vkdj\working_20191018_0007.log
- <Current directory>\libeay32.dll
- <Current directory>\ssleay32.dll
- <LS_APPDATA>\microsoft\windows\<INETFILES>\low\content.ie5\index.dat
- %APPDATA%\microsoft\windows\cookies\low\index.dat
- <LS_APPDATA>\microsoft\windows\history\low\history.ie5\index.dat
- DNS ASK dj###dates.com
- DNS ASK re###vedj.com
- '%WINDIR%\syswow64\schtasks.exe' /Create /TN VKDJ /SC ONLOGON /TR "<Full path to file> /H" /F /DELAY 0001:00 /RL HIGHEST (with hidden window)
- '%WINDIR%\syswow64\schtasks.exe' /Create /TN VKDJ /SC ONLOGON /TR "<Full path to file> /H" /F /DELAY 0001:00 /RL HIGHEST
- '%WINDIR%\syswow64\rundll32.exe' "%WINDIR%\syswow64\wininet.dll",DispatchAPICall 1