Technical Information
- [<HKCU>\Software\Microsoft\Windows\CurrentVersion\Run] 'Softsvr' = '%ALLUSERSPROFILE%\Documents\svchost.exe'
- '<SYSTEM32>\reg.exe' add HKCU\Software\Microsoft\Windows\Currentversion\Run /v Softsvr /d "%ALLUSERSPROFILE%\Documents\svchost.exe" /f
- '<SYSTEM32>\cmd.exe'
- <SYSTEM32>\cmd.exe
- 'fo##.##angsuhost.com':80
- http://fo##.##angsuhost.com/fine/rpgquest.php
- DNS ASK fo##.##angsuhost.com