Technical Information
- [<HKCU>\Software\Microsoft\Windows\CurrentVersion\Run] 'Helper' = 'wscript.exe "%LOCALAPPDATA%\Google\Chrome\User Data\profile.js"'
- hidden files
- %LOCALAPPDATA%\google\chrome\user data\profile.js
- http://le####nternet.com/txt.txt
- DNS ASK le####nternet.com
- '<SYSTEM32>\wscript.exe' "<PATH_SAMPLE>.js" "usb"' (with hidden window)
- '<SYSTEM32>\wscript.exe' "<PATH_SAMPLE>.js" "usb"