Technical Information
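- [<HKCU>\Software\Microsoft\Windows\CurrentVersion\Run] 'Microsoft' = '"%WINDIR%\system\svchost.exe"' (a per-user Run value, so the file is started at each logon of that user; the genuine svchost.exe resides in %WINDIR%\System32, so a file of that name under %WINDIR%\system is a masquerade and a useful detection point)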
- %TEMP%\tmp1.exe
- %TEMP%\tmp2.exe
- %TEMP%\x.bat
- %WINDIR%\system\svchost.exe
- %WINDIR%\ms.txt
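- 'ft#.##apple.co.cc':21 (port 21 is the standard FTP control port; '#' is not a valid hostname character, so these appear to be characters masked by the publisher)
- DNS ASK ft#.##apple.co.cc (DNS query for the same host)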
- '%TEMP%\tmp1.exe'
- '%TEMP%\tmp2.exe'
- '%TEMP%\tmp1.exe' (with hidden window)
- '%TEMP%\tmp2.exe' (with hidden window)
- '%WINDIR%\syswow64\cmd.exe' /c %TEMP%\x.bat (with hidden window)
- '%WINDIR%\syswow64\cmd.exe' /c %TEMP%\x.bat