Technical Information
- [<HKLM>\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Run] 'Winder' = 'C:\System32\svchcst.exe'
- %APPDATA%\±¸×¢.txt
- <Current directory>\extfile4.exe
- C:\system32\svchcst.exe
- %APPDATA%\microsoft\vbs3.vbs
- C:\system32\svchcst.exe
- %APPDATA%\microsoft\vbs3.vbs
- from <Full path to file> to %APPDATA%\svchcst.exe
- '<LOCALNET>.1.105':3388
- ClassName: '#32770' WindowName: 'ÊÓƵԴ'
- '%WINDIR%\syswow64\wscript.exe' "%APPDATA%\Microsoft\VBS3.vbs"