Technical Information
Autorun persistence: the same value name is set under both Run keys, and an identically named executable is listed in the user's Startup folder.
- [<HKLM>\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] 'd0b69058ea3622383fc63586b38600b2' = '"%APPDATA%\svchost.exe" ..'
- [<HKCU>\Software\Microsoft\Windows\CurrentVersion\Run] 'd0b69058ea3622383fc63586b38600b2' = '"%APPDATA%\svchost.exe" ..'
- %HOMEPATH%\Start Menu\Programs\Startup\d0b69058ea3622383fc63586b38600b2.exe
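File paths associated with the sample. The genuine Windows svchost.exe resides in the Windows system directory, so a file of that name under %APPDATA% or %TEMP% is not the system service host.
- %TEMP%\doodox0od0ox0oo0dox.exe
- %APPDATA%\svchost.exe
- %TEMP%\xenos.exe
- %TEMP%\svchost.exe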
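Network indicators, given as host:port endpoints followed by DNS queries. Host names are partially masked with '#' in this report, so they cannot be used as exact-match indicators as printed.
- 'fo######hack6969.hopto.org':1997
- 'di##ord.gg':443
- 'localhost':1040
- DNS ASK fo######hack6969.hopto.org
- DNS ASK di##ord.gg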
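Window classes referenced by the sample (only class names are reported; every window name is empty).
- ClassName: 'MS_AutodialMonitor' WindowName: ''
- ClassName: 'MS_WebcheckMonitor' WindowName: ''
- ClassName: '' WindowName: ''
- ClassName: 'IEFrame' WindowName: ''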
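Command lines, apparently of processes started by the sample (the report does not label this list).
- '%TEMP%\doodox0od0ox0oo0dox.exe'
- '%APPDATA%\svchost.exe'
- '%TEMP%\xenos.exe'
- '%TEMP%\svchost.exe'
- '%ProgramFiles%\Internet Explorer\IEXPLORE.EXE' -nohome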