Technical Information
- [<HKCU>\Software\Microsoft\Windows\CurrentVersion\Run] 'Win624svc' = '%ProgramFiles%\svchost.exe'
- [<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon] 'Shell' = 'explorer.exe, %ProgramFiles%\svchost.exe'
- [<HKCU>\Software\Microsoft\Windows NT\CurrentVersion\Winlogon] 'Shell' = 'explorer.exe, %ProgramFiles%\svchost.exe'
- %APPDATA%\csrss.exe
- %ProgramFiles%\svchost.exe
- '%APPDATA%\csrss.exe' -reg "explorer.exe, %ProgramFiles%\svchost.exe" -proc 2912 %ProgramFiles%\svchost.exe
- '%ProgramFiles%\svchost.exe'