Technical Information
- [<HKCU>\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] 'Host Process for Windows Services' = '%APPDATA%\Microsoft\Windows\svchost.exe'
- %APPDATA%\microsoft\windows\svchost.exe
- http://54.##.199.55/server3/client.php?da##################################################
- '%APPDATA%\microsoft\windows\svchost.exe'
- '<SYSTEM32>\cmd.exe' /C choice /C Y /N /D Y /T 3 & Del <Full path to file> (with hidden window)
- '<SYSTEM32>\cmd.exe' /C choice /C Y /N /D Y /T 3 & Del <Full path to file>
- '<SYSTEM32>\choice.exe' /C Y /N /D Y /T 3
- '%ProgramFiles(x86)%\google\chrome\application\chrome.exe' --chrome-frame --app="data:text/html,<html><body><script>window.moveTo(999999,999999);window.resizeTo(0, 0);window.location='https://youtu.be/k7SCnOY6z58';</script></body></html>"