Technical Information
- [<HKCU>\software\Microsoft\Windows\CurrentVersion\Run] 'Explorer' = '%APPDATA%\svchost.exe'
- %APPDATA%\svchost.exe
- DNS ASK ac#####.websurprisemail.com
- '%APPDATA%\svchost.exe'
- '%APPDATA%\svchost.exe' ' (with hidden window)
- '%WINDIR%\syswow64\cmd.exe' /c del <Full path to file> /a /f /q > nul' (with hidden window)
- '%WINDIR%\syswow64\cmd.exe' /c del <Full path to file> /a /f /q > nul