Technical Information
- [<HKCU>\Software\Microsoft\Windows\CurrentVersion\Run] 'c78655bc80301d76ed4fef1c1ea40a7d' = '%TEMP%\Microsoft\svchost.exe'
- hidden files
- '<Current directory>\S2SS.EXE'
- %TEMP%\Microsoft\svchost.exe
- <Current directory>\S2SS.EXE
- %TEMP%\BlackData.dat
- %TEMP%\Microsoft\svchost.exe
- 'localhost':5050