Technical Information
- %APPDATA%\microsoft\windows\start menu\programs\startup\svchostsw.exe
- %TEMP%\s.bat
- %TEMP%\<File name>.exe.pid
- '5.##.69.149':7000
- '%WINDIR%\syswow64\cmd.exe' /Q /C %LOCALAPPDATA%\Temp/s.bat' (with hidden window)
- '%WINDIR%\syswow64\cmd.exe' /Q /C %LOCALAPPDATA%\Temp/s.bat