Technical Information
- %APPDATA%\microsoft\windows\start menu\programs\startup\newtonsoft.json.dll
- %APPDATA%\microsoft\windows\start menu\programs\startup\<File name>.exe
- %APPDATA%\microsoft\windows\start menu\programs\startup\hypervisor.exe
- 'co#####websiteever.ml':80
- http://co#####websiteever.ml/explorer/Newtonsoft.Json.dll
- http://co#####websiteever.ml/bridge/install.php?ty#############
- http://co#####websiteever.ml/explorer/HyperVisor.exe?16########
- http://co#####websiteever.ml/bridge/commands.php?cl############################################
- DNS ASK co#####websiteever.ml
- '%APPDATA%\microsoft\windows\start menu\programs\startup\<File name>.exe'
- '%APPDATA%\microsoft\windows\start menu\programs\startup\hypervisor.exe'