Technical Information
- %APPDATA%\microsoft\windows\start menu\programs\startup\<File name>.exe
- %APPDATA%\microsoft\windows\start menu\programs\startup\info.hta
- 'ic###azip.com':80
- http://ic###azip.com/
- DNS ASK ic###azip.com
- DNS ASK re#######ata.merehosting.com
- '<SYSTEM32>\cmd.exe' /c vssadmin.exe delete shadows /all /quiet