Technical Information
- [<HKLM>\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\] 'ServiceControlManagerExtension' = '"%WINDIR%\svchost.EXE"'
- svchost.exe
- %WINDIR%\svchost.exe
- 'localhost':1515
- '%WINDIR%\svchost.exe'
- '%WINDIR%\svchost.exe' (with hidden window)