Technical Information
- [<HKCU>\Software\Microsoft\Windows\CurrentVersion\Run] 'xxx' = '<Full path to file>'
- [<HKCU>\Software\Microsoft\Windows\CurrentVersion\Run] 'xxx' = '%APPDATA%\Microsoft\xsvchost.exe'
- %APPDATA%\Microsoft\xsvchost.exe
- %TEMP%\melt.txt
- <Full path to file>
- 'localhost':93
- '%APPDATA%\Microsoft\xsvchost.exe'