Technical Information
- [<HKCU>\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] '<File name>.exe' = '<Full path to file>'
- [<HKCU>\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] 'svchosts.exe' = '%APPDATA%\svchosts.exe'
- svchosts.exe
- %TEMP%\aut189b.tmp
- %TEMP%\bnd.exe
- %TEMP%\aut1afd.tmp
- %TEMP%\sse.png
- %TEMP%\dup2patcher.dll
- %TEMP%\9ce5948f6f706809ad1df3709868df94.dll
- %TEMP%\29f0883a1a0e0214b6351b6254445d1c.dll
- %APPDATA%\svchosts.exe
- %TEMP%\aut66e9.tmp
- %TEMP%\aut6881.tmp
- %TEMP%\aut189b.tmp
- %TEMP%\aut1afd.tmp
- %TEMP%\aut66e9.tmp
- %TEMP%\sse.png
- %TEMP%\aut6881.tmp
- %TEMP%\sse.png
- '%TEMP%\bnd.exe'
- '%APPDATA%\svchosts.exe'
- '%APPDATA%\svchosts.exe' ' (with hidden window)