Technical Information
- C:\system32\<File name>.exe
- %APPDATA%\microsoft\vbs1.vbs
- from <Full path to file> to %APPDATA%\<File name>.exe
- '<LOCALNET>.49.14':2020
- '<LOCALNET>.49.14':0
- DNS ASK sz###orld.xyz
- ClassName: '#32770' WindowName: 'ÊÓƵԴ'
- '%WINDIR%\syswow64\wscript.exe' "%APPDATA%\Microsoft\VBS1.vbs"