Technical Information
- [<HKCU>\software\microsoft\windows\currentversion\run] 'Svchost' = '%TEMP%\Microsoft\Svchost.exe'
- %APPDATA%\microsoft\windows\start menu\programs\startup\svchost.exe
- %TEMP%\microsoft\svchost.exe
- %TEMP%\mlt.tmp
- <Full path to file>
- %TEMP%\microsoft\svchost.exe
- %TEMP%\mlt.tmp
- '<LOCALNET>.219.112':8080
- ClassName: 'Shell_traywnd' WindowName: ''
- '%TEMP%\microsoft\svchost.exe'