Technical Information
- [<HKLM>\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run] 'name' = '%WINDIR%\svchoss.exe'
- %TEMP%\e_n60005\krnln.fnr
- %TEMP%\e_n60005\spec.fne
- %TEMP%\e_n60005\eapi.fne
- %TEMP%\e_n60005\sock.fne
- %TEMP%\e_n60005\ethread.fne
- %TEMP%\e_n60005\shell.fne
- %TEMP%\e_n60005\internet.fne
- %TEMP%\e_n60005\downlib.fne
- <Current directory>\hpsocket4c.dll
- %WINDIR%\hpsocket4c.dll
- %WINDIR%\svchoss.exe
- <Current directory>\hpsocket4c.dll
- %WINDIR%\hpsocket4c.dll
- %WINDIR%\svchoss.exe
- 'hl.#l66.net':1981
- DNS ASK hl.#l66.net
- DNS ASK xl##.net