Technical Information
- [HKCU\Software\Microsoft\Windows\CurrentVersion\Run] 'YOH1U11UIR' = '"%TEMP%\<File name>.js"'
- %APPDATA%\microsoft\windows\start menu\programs\startup\<File name>.js
- %TEMP%\content\2584-2056-wscript.exe-15-52-29-306.dump
- %TEMP%\<File name>.js
- 'sb####.mywire.org':14
- DNS ASK sb####.mywire.org