Technical Information
- [<HKCU>\Software\Microsoft\Windows\CurrentVersion\Run] 'svchots' = '%APPDATA%\Microsoft\Windows\Software\svchots.exe '
- [<HKCU>\Software\Microsoft\Windows\CurrentVersion\Run] '<File name>' = '<Full path to file> '
- %HOMEPATH%\Start Menu\Programs\Startup\svchots.lnk
- %HOMEPATH%\Start Menu\Programs\Startup\<File name>.lnk
- %TEMP%\aut1.tmp
- %APPDATA%\Microsoft\Windows\Software\svchots.exe
- %TEMP%\aut1.tmp
- 'b.##ip1.ru':15100
- DNS ASK b.##ip1.ru
- '%APPDATA%\Microsoft\Windows\Software\svchots.exe'