Technical Information
- [<HKCU>\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] 'Windows System Startup' = '%APPDATA%\Microsoft Windows System\svchost.exe'
- from <Full path to file> to %APPDATA%\microsoft windows system\svchost.exe
- '19#.#0.57.179':80
- '<SYSTEM32>\cmd.exe' /C attrib -s -h %APPDATA%\Microsoft Windows System (with hidden window)
- '<SYSTEM32>\cmd.exe' /C attrib -s -h %APPDATA%\Microsoft Windows System
- '<SYSTEM32>\attrib.exe' -s -h %APPDATA%\Microsoft Windows System
- '%WINDIR%\microsoft.net\framework64\v2.0.50727\dw20.exe' -x -s 1188