Technical Information
- %APPDATA%\microsoft\windows\start menu\programs\startup\svchostsw.exe
- %TEMP%\s.bat
- %TEMP%\<File name>.exe.pid
- '19#.#7.167.130':8081
- '%WINDIR%\syswow64\cmd.exe' /Q /C <LS_APPDATA>\Temp/s.bat' (with hidden window)
- '%WINDIR%\syswow64\cmd.exe' /Q /C <LS_APPDATA>\Temp/s.bat