Technical Information
- [<HKLM>\System\CurrentControlSet\Services\Time service] 'Start' = '00000002'
- [<HKLM>\System\CurrentControlSet\Services\Time service] 'ImagePath' = '"<SYSTEM32>\SVCH0ST.exe" /service'
- <SYSTEM32>\svch0st.exe
- <Current directory>\$$a45392$$.bat
- '22#.#1.176.44':8010
- '<SYSTEM32>\svch0st.exe' /service
- '<SYSTEM32>\cmd.exe' /c <Current directory>\$$a45392$$.bat' (with hidden window)
- '<SYSTEM32>\cmd.exe' /c <Current directory>\$$a45392$$.bat