Technical Information
- [<HKCU>\Software\Microsoft\Windows\CurrentVersion\Run] 'sheme33' = '"%APPDATA%\SiSwnd4\scvhots.exe"'
- %APPDATA%\siswnd4\scvhots.exe
- %TEMP%\crt455.exe
- %TEMP%\87hdg4e.bat
- %TEMP%\1000.{6785bfac-9d2d-4be5-b7e2-59937e8fb80a}\subst.dll
- %TEMP%\87hdg4e._eg
- %TEMP%\1000.{6785bfac-9d2d-4be5-b7e2-59937e8fb80a}\subst2.dll
- %TEMP%\1000.{6785bfac-9d2d-4be5-b7e2-59937e8fb80a}\scrpt_name
- %TEMP%\1000.{6785bfac-9d2d-4be5-b7e2-59937e8fb80a}\autorun\google.exe
- %TEMP%\1000.{6785bfac-9d2d-4be5-b7e2-59937e8fb80a}\subst.dll
- %TEMP%\1000.{6785bfac-9d2d-4be5-b7e2-59937e8fb80a}\scrpt_name
- %TEMP%\87hdg4e._eg
- %TEMP%\1000.{6785bfac-9d2d-4be5-b7e2-59937e8fb80a}\subst2.dll
- '%APPDATA%\siswnd4\scvhots.exe'
- '%TEMP%\crt455.exe' import "%TEMP%\87hDG4e._eg"
- '<SYSTEM32>\cmd.exe' /c "%TEMP%\87hDG4e.bat"' (with hidden window)
- '<SYSTEM32>\cmd.exe' /c "%TEMP%\87hDG4e.bat"