Technical Information
- [<HKLM>\System\CurrentControlSet\Services\SmartPhoneInputService] 'Start' = '00000002'
- [<HKLM>\System\CurrentControlSet\Services\SmartPhoneInputService] 'ImagePath' = '<SYSTEM32>\svchost.exe -k SmartPhoneInputService'
- [<HKLM>\SYSTEM\CurrentControlSet\Services\SmartPhoneInputService\Parameters] 'ServiceDll' = '<SYSTEM32>\SmartSvc.dll'
- 'SmartPhoneInputService' <SYSTEM32>\svchost.exe -k SmartPhoneInputService
- %WINDIR%\syswow64\smartsvc.dll
- %TEMP%\~df0102424.bat
- '95.##3.171.188':443
- '11#.#7.140.155':443
- '12#.#24.214.108':443
- '%WINDIR%\syswow64\cmd.exe' /c ""%TEMP%\~DF0102424.bat" "' (with hidden window)
- '%WINDIR%\syswow64\svchost.exe' -k SmartPhoneInputService
- '%WINDIR%\syswow64\cmd.exe' /c ""%TEMP%\~DF0102424.bat" "
- '%WINDIR%\syswow64\attrib.exe' -s -h "<Full path to file>"