Malware analysis database

“2355e659f40169ec63dddce6d88c88411b1b02f4e4ea6cc74d794dd67a214bd0”

A.K.A. (JS matryoshka)

File Information

Dynamic Analysis

Static artifact analysis

Final phase payload

["WScript.Shell", "Scripting.FileSystemObject", "Shell.Application", "Microsoft.XMLHTTP", "HKCU", "HKLM", "HKCU\vjw0rm", "\Software\Microsoft\Windows\CurrentVersion\Run\", "HKLM\SOFTWARE\Classes\", "REG_SZ", "\defaulticon\", "winmgmts:", "win32_logicaldisk", "Win32_OperatingSystem", "AntiVirusProduct", "|V|", "\", "vjw0rm", "_", "ScriptFullName", "ScriptName", "RegRead", "split", ":\", "TRUE", "RegWrite", "FALSE", "Vre", "", "Cl", "Quit", "Sc", "temp", "CreateTextFile", "Write", "Close", "run", "Ex", "Rn", "OpenTextFile", "ReadAll", "replace", "wscript.exe //B "", """, "Up", "|U|", "Un", "Temp", "U5ZE7RY3PD", "%RgNe%", "%sfdr", "%n", "%f", "RF", "Sleep", "%", "ExpandEnvironmentStrings", "POST", "http://40.117.139.198:7974/", "open", "User-Agent:", "SetRequestHeader", "send", "responsetext", "Windir", "\Microsoft.NET\Framework\v2.0.50727\vbc.exe", "fileexists", "YES", "NO", "COMPUTERNAME", "USERNAME", "InstancesOf", "atEnd", "moveNext", "item", "Caption", "winmgmts:\\localhost\root\securitycenter", "DisplayName", "2", "volumeserialnumber", "TEMP", "CopyFile", "Schtasks /create /sc minute /mo 30 /tn Skype /tr "", "Path", "Self", "NameSpace"]

First obfuscation phase

Work in progress…