Technical Information
- %APPDATA%\microsoft\windows\start menu\programs\startup\defender.lnk
- %HOMEPATH%\appdata\run.tcl
- %HOMEPATH%\appdata\nir.exe
- %HOMEPATH%\appdata\run.exe
- %HOMEPATH%\appdata\hvd
- http://93.##5.19.226/lsD1DdhMttgc23/page.php?id#################################################################
- '%HOMEPATH%\appdata\nir.exe' exec hide run.exe run.tcl
- '%HOMEPATH%\appdata\run.exe' run.tcl
- '%HOMEPATH%\appdata\nir.exe' shortcut %HOMEPATH%\AppData\/nir.exe %APPDATA%\"/Microsoft/Windows/Start Menu/Programs/Startup\" Defender "exec hide run.exe run.tcl"
- '%HOMEPATH%\appdata\run.exe' run.tcl (with hidden window)