Technical Information
- '<LS_APPDATA>\svchost.exe'
- '<LS_APPDATA>\svchost.exe' (downloaded from the Internet)
- '<SYSTEM32>\cmd.exe' /C timeout /t 5 /nobreak & taskill /f /im"<File name>.exe" & del "<Full path to file>"
- <LS_APPDATA>\svchost.exe
- 'co#####.byethost7.com':80
- 'wp#d':80
- http://co#####.byethost7.com/down/d.exe
- http://11#.#11.111.1/wpad.dat via wp#d
- DNS ASK co#####.byethost7.com
- DNS ASK wp#d