Technical Information
- [<HKLM>\SYSTEM\ControlSet001\Services\svihotq] 'Start' = '00000002'
- [<HKLM>\SYSTEM\ControlSet001\Services\svihotq] 'ImagePath' = 'C:\system16\svnsrq32.exe'
- svnsrq32.exe
- %TEMP%\nsl2.tmp\System.dll
- %TEMP%\2Zzcp7GK
- C:\system16\svnsrq32.exe
- C:\system16\svnsrq64.exe
- %WINDIR%\Temp\nsz4.tmp\System.dll
- %WINDIR%\Temp\2Zzcp7GK
- <Current directory>\ssleay32.dll
- C:\system16\ssleay32.dll
- <Current directory>\libeay32.dll
- C:\system16\libeay32.dll
- <Current directory>\7z.dll
- C:\system16\7z.dll
- '31.##4.234.48':80
- http://31.##4.234.48/index.php?&1###########################
- http://31.##4.234.48/index.php?&1####################
- http://31.##4.234.48/index.php?&1#####
- '<Full path to file>'
- 'C:\system16\svnsrq32.exe'