Technical Information
- [<HKCU>\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] 'coaster' = '%WINDIR%\svchost.exe'
- %WINDIR%\svchost.exe
- C:\ban.jar
- from <Full path to file> to %WINDIR%\syswow64\1166466.bak
- http://39.##5.104.157/ban.jar
- DNS ASK yk.##i8mc.top
- ClassName: 'CTXOPConntion_Class' WindowName: ''
- '%ProgramFiles%\java\jre1.8.0_45\bin\javaw.exe' -jar c:\ban.jar