Technical Information
- [<HKCU>\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] 'HOST PROCESS FOR WINDOWS TASKS' = '%APPDATA%\Microsoft\taskhostw.exe'
- [<HKCU>\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce] 'HOST PROCESS FOR WINDOWS TASKS' = '%APPDATA%\Microsoft\taskhostw.exe'
- %APPDATA%\microsoft\taskhostw.exe
- %APPDATA%\microsoft\mychrome\chrome.zip
- %APPDATA%\microsoft\mychrome\7zip.exe
- %APPDATA%\microsoft\taskhostw.exe
- http://19#.#0.194.35/minecraft/client.php?st##################################################
- http://si##e.ru/down/chrome.zip
- http://si##e.ru/down/7zip.exe
- DNS ASK si##e.ru
- '%APPDATA%\microsoft\taskhostw.exe'
- '%APPDATA%\microsoft\mychrome\7zip.exe' x %APPDATA%\Microsoft\mychrome\chrome.zip -y -o%APPDATA%\Microsoft\mychrome
- '%APPDATA%\microsoft\mychrome\7zip.exe' x %APPDATA%\Microsoft\mychrome\chrome.zip -y -o%APPDATA%\Microsoft\mychrome (with hidden window)