Technical Information
- [<HKCU>\software\microsoft\windows\currentversion\run] '{7QBIGGUU-916577-7XIPNN-7XIPNNAAY0}' = '"%TEMP%\svchost.exe" ...'
- %APPDATA%\microsoft\windows\start menu\programs\startup\{7qbigguu-916577-7xipnn-7xipnnaay0}.exe
- hidden files
- %TEMP%\svchost.exe
- %APPDATA%\microsoft\windows\start menu\programs\startup\{7qbigguu-916577-7xipnn-7xipnnaay0}.exe
- %TEMP%\svchost.exe
- '40.##.130.227':5552
- '%TEMP%\svchost.exe'