Technical Information
- %HOMEPATH%\Start Menu\Programs\Startup\sechost.exe
- %HOMEPATH%\Start Menu\Programs\Startup\Restart.bat
- 'sh##txt.cn':80
- http://sh##txt.cn/s/a4bdcblaotaoer
- DNS ASK sh##txt.cn
- '%HOMEPATH%\Start Menu\Programs\Startup\sechost.exe'
- '<SYSTEM32>\cmd.exe' /c "%HOMEPATH%\Start Menu\Programs\Startup\Restart.bat"
- '<SYSTEM32>\ping.exe' 127.0.0.1 -n 2