Technical Information
- [<HKCU>\Software\Microsoft\Windows\CurrentVersion\Run] 'svchost' = '<Full path to file>'
- [<HKLM>\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Run] 'svchost' = '<Full path to file>'
- [<HKCU>\Software\Microsoft\Windows\CurrentVersion\Run] 'svchost' = '%APPDATA%\Microsoft\Windows\Start Menu\Programs\Startup\<File name>.exe'
- [<HKLM>\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Run] 'svchost' = '%APPDATA%\Microsoft\Windows\Start Menu\Programs\Startup\<File name>.exe'
- <Full path to file>
- %TEMP%\txt.txt
- <Full path to file>
- %APPDATA%\microsoft\windows\start menu\programs\startup\<File name>.exe
- 'ic###azip.com':80
- 'ft#.########systemprivate7.altervista.org':21
- http://ic###azip.com/
- 'ft#.########systemprivate7.altervista.org':21
- DNS ASK ic###azip.com
- DNS ASK ft#.########systemprivate7.altervista.org