Technical Information
- [HKCU\Software\Microsoft\Windows\CurrentVersion\Run] 'cmd.exe' = '%HOMEPATH%\cmd.exe'
- %HOMEPATH%\vnc.exe
- %HOMEPATH%\cmd.exe
- %HOMEPATH%\kkki
- %APPDATA%\postgrese.exe
- %HOMEPATH%\cmd.exe
- %HOMEPATH%\kkki
- 'yo###ite.com':80
- http://www.yo###ite.com/file.exe
- DNS ASK yo###ite.com
- '%HOMEPATH%\vnc.exe'
- '%APPDATA%\postgrese.exe'
- '%WINDIR%\syswow64\cmd.exe' /C choice /C Y /N /D Y /T 3 & Del <Full path to file> (with hidden window)
- '%WINDIR%\syswow64\cmd.exe' /C choice /C Y /N /D Y /T 3 & Del <Full path to file>
- '%WINDIR%\syswow64\choice.exe' /C Y /N /D Y /T 3