Technical Information
- [HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] 'BlockHost.exe' = '<Full path to file>'
- '%WINDIR%\syswow64\windowspowershell\v1.0\powershell.exe' Add-MpPreference -ExclusionPath "<Current directory>"
- %TEMP%\windowscache.bin
- %TEMP%\windowscache124526842aze.bin
- %TEMP%\windowscache124526tgc842aze.bin
- '82.##7.85.169':80
- http://82.##7.85.169/server/elbhim/nobizchristian.bin