Technical Information
- Autorun registry value (RunOnce under HKLM): [<HKLM>\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce] 'Window' = 'cmd /c "start "Window" "%ProgramFiles%\Antivirus\Admin.exe"'
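- Command line (creates a scheduled task named "Window" that runs at logon with the highest run level): '<SYSTEM32>\schtasks.exe' /create /NP /sc onlogon /tn "Window" /rl highest /tr "'%ProgramFiles%\Antivirus\Admin.exe' /startup" /f
- Command line (writes the 'Window' value to the HKLM RunOnce key): '<SYSTEM32>\reg.exe' ADD "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce" /v "Window" /d "cmd /c """start """Window""" """%ProgramFiles%\Antivirus\Admin.exe"""" /f"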
- <SYSTEM32>\svchost.exe
- %ProgramFiles%\Antivirus\Admin.exe
- %APPDATA%\User\Screenshots\02-13-2017\5.26 AM
- %TEMP%\nsl2.tmp\System.dll
- %TEMP%\favicon.png
- %TEMP%\armories.H
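- Network endpoint: 'localhost':4567
- Network endpoint: '46.##.33.108':4567 (the second octet is masked on this page, so this entry is not a complete address indicator)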
- ClassName: 'religions' WindowName: ''