Technical Information
- Autorun entry (per-user Run key, launched at user logon): [<HKCU>\Software\Microsoft\Windows\CurrentVersion\Run] 'austinennenne' = '%HOMEPATH%\austinennenne\austinennenne.vbs -cz'
- %WINDIR%\explorer.exe
- %WINDIR%\syswow64\wuapp.exe
- austinennenne.exe
- iexplore.exe
- firefox.exe
- iexplore.exe process, wininet.dll module
- firefox.exe process, nss3.dll module
- %HOMEPATH%\austinennenne\austinennenne.exe
- %HOMEPATH%\austinennenne\austinennenne.vbs
- %HOMEPATH%\austinennenne\austinennenne.exe
- '%HOMEPATH%\austinennenne\austinennenne.exe'
- '%WINDIR%\syswow64\wscript.exe' "%HOMEPATH%\austinennenne\austinennenne.vbs"
- '%HOMEPATH%\austinennenne\austinennenne.exe' (with hidden window)
- '%WINDIR%\syswow64\wscript.exe' "%HOMEPATH%\austinennenne\austinennenne.vbs" (with hidden window)
- '%WINDIR%\syswow64\wuapp.exe'
- '%WINDIR%\syswow64\cmd.exe' del "%HOMEPATH%\austinennenne\austinennenne.exe"