Technical Information
- %APPDATA%\microsoft\windows\start menu\programs\startup\winder.lnk
- C:\system32\svchcst.exe
- %APPDATA%\microsoft\vbs3.vbs
- from <Full path to file> to %APPDATA%\svchcst.exe
- '11#.#93.233.10':2016
- ClassName: '' WindowName: 'wscript.exe'
- ClassName: '#32770' WindowName: 'ÊÓƵԴ'
- '%WINDIR%\syswow64\wscript.exe' "%APPDATA%\Microsoft\VBS3.vbs"
- '%WINDIR%\syswow64\cmd.exe' /c del *.exe' (with hidden window)
- '%WINDIR%\syswow64\cmd.exe' /c del *.exe