Technical Information
- [<HKCU>\Software\Microsoft\Windows\CurrentVersion\Run] 'Microsoft' = '%APPDATA%\svchost.exe'
- %APPDATA%\svchost.exe
- http://ka###tut.com/bot2/inc/check_command.php?HW######################################################
- http://ka###tut.com/bot2/inc/check_command.php?HW#######################################################################
- DNS ASK ka###tut.com
- '%APPDATA%\svchost.exe'
- '%WINDIR%\syswow64\cmd.exe' /C reg add HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run /v Microsoft /t REG_SZ /d %APPDATA%\svchost.exe (with hidden window)
- '%WINDIR%\syswow64\cmd.exe' /C reg add HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run /v Microsoft /t REG_SZ /d %APPDATA%\svchost.exe
- '%WINDIR%\syswow64\reg.exe' add HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run /v Microsoft /t REG_SZ /d %APPDATA%\svchost.exe