Technical Information (observed artifacts: a Run-key persistence value, dropped files under %TEMP% and %APPDATA%\InternetExplorer\System32\Recovery, and the command lines used to launch them)
- [<HKCU>\Software\Microsoft\Windows\CurrentVersion\Run] 'OneDrive' = '%APPDATA%\InternetExplorer\System32\Recovery\powershell.exe'
- %TEMP%\LZMA.DLL
- %APPDATA%\InternetExplorer\System32\Recovery\cpu_tromp_AVX.dll
- %APPDATA%\InternetExplorer\System32\Recovery\svhost.exe
- %APPDATA%\InternetExplorer\System32\Recovery\cpu_tromp_SSE2.dll
- %APPDATA%\InternetExplorer\System32\Recovery\cuda_djezo.dll
- %APPDATA%\InternetExplorer\System32\Recovery\cuda_tromp.dll
- %APPDATA%\InternetExplorer\System32\Recovery\cuda_tromp_75.dll
- %APPDATA%\InternetExplorer\System32\Recovery\cudart32_75.dll
- %APPDATA%\InternetExplorer\System32\Recovery\cudart32_80.dll
- %APPDATA%\InternetExplorer\System32\Recovery\cudart64_75.dll
- %APPDATA%\InternetExplorer\System32\Recovery\host.exe
- %APPDATA%\InternetExplorer\System32\Recovery\cudart64_80.dll
- %APPDATA%\InternetExplorer\System32\Recovery\powershell.exe
- '%APPDATA%\InternetExplorer\System32\Recovery\powershell.exe'
- '<SYSTEM32>\cmd.exe' /k cd %appdata%\InternetExplorer\System32\Recovery && start powershell.exe