Technical Information
- [<HKCU>\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] 'Fwecwhf' = 'C:\Users\Public\Libraries\fhwcewF.url'
- %WINDIR%\explorer.exe
- C:\users\public\libraries\fwecwhf\fwecwhf.exe
- C:\users\public\libraries\fhwcewf.url
- '%WINDIR%\syswow64\mshta.exe'
- '%WINDIR%\syswow64\explorer.exe'
- '%WINDIR%\syswow64\cmd.exe' del "%WINDIR%\SysWOW64\mshta.exe"