Technical Information
- [<HKCU>\Software\Microsoft\Windows\CurrentVersion\Run] 'Vucozes' = '%HOMEPATH%\Vucoze\vuxeraz.vbs -BN'
- vuxeraz.exe
- %HOMEPATH%\vucoze\vuxeraz.exe
- %HOMEPATH%\vucoze\vuxeraz.vbs
- 'tm##mm.xyz':1206
- DNS ASK tm##mm.xyz
- '%WINDIR%\syswow64\wscript.exe' "%HOMEPATH%\Vucoze\vuxeraz.vbs"
- '%HOMEPATH%\vucoze\vuxeraz.exe'
- '%WINDIR%\syswow64\wscript.exe' "%HOMEPATH%\Vucoze\vuxeraz.vbs"' (with hidden window)
- '%HOMEPATH%\vucoze\vuxeraz.exe' ' (with hidden window)