Technical Information
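- [<HKCU>\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\] 'windows1' = '%APPDATA%\Install\Host.exe' (autorun at user logon)
- [<HKLM>\SOFTWARE\Wow6432Node\Microsoft\Active Setup\Installed Components\{256C14W2-4307-17L5-O833-2WK3KRN38HN2}] 'StubPath' = '"%APPDATA%\Install\Host.exe"' (Active Setup autorun; the component ID contains non-hexadecimal characters, so it is not a well-formed GUID)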
- host.exe
- %APPDATA%\install\host.exe
- %APPDATA%\install\host.exe
- '%APPDATA%\install\host.exe'
- '%WINDIR%\syswow64\cmd.exe' /c "%TEMP%\KWgqWcy.bat" (with hidden window)
- '%WINDIR%\syswow64\cmd.exe' /c "%TEMP%\KWgqWcy.bat"
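- '%WINDIR%\syswow64\ping.exe' 192.0.2.2 -n 1 -w 3000 (192.0.2.2 is in the reserved TEST-NET-1 documentation range; a single ping with a 3000 ms timeout likely serves only as a delay)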
- '%WINDIR%\syswow64\cmd.exe' /c del "%TEMP%\KWgqWcy.bat"