Technical Information
- [<HKCU>\Software\Microsoft\Windows\CurrentVersion\Run] 'Windows Update' = '%ALLUSERSPROFILE%\select.bat'
- [<HKCU>\Software\Microsoft\Windows\CurrentVersion\Run] 'Windows Firewall' = '%ALLUSERSPROFILE%\svchosd.exe'
- '%ALLUSERSPROFILE%\svchosd.exe'
- '<Full path to file>'
- svchosd.exe
- from <Full path to file> to %ALLUSERSPROFILE%\svchosd.exe
- '95.##3.192.88':80
- http://95.##3.192.88/crypto/gate?ac######