Technical Information
- [<HKCU>\Software\Microsoft\Windows\CurrentVersion\Run] 'Arenoxu' = '%HOMEPATH%\Arenox\arvenox.vbs -BN'
- arvenox.exe
- %HOMEPATH%\arenox\arvenox.exe
- %HOMEPATH%\arenox\arvenox.vbs
- http://www.ip####keronline.com/
- DNS ASK tm##mm.xyz
- DNS ASK ip####keronline.com
- '%WINDIR%\syswow64\wscript.exe' "%HOMEPATH%\Arenox\arvenox.vbs"
- '%HOMEPATH%\arenox\arvenox.exe'
- '%WINDIR%\syswow64\wscript.exe' "%HOMEPATH%\Arenox\arvenox.vbs" (with hidden window)
- '%HOMEPATH%\arenox\arvenox.exe' (with hidden window)