Technical Information
- [<HKCU>\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] 'Svchost.exe' = '%APPDATA%\Svchost.exe'
- <Drive name for removable media>:\partypics-3-26.exe
- %APPDATA%\edifqtiefoytwmf.txt
- %APPDATA%\gwkuedqceambizl.txt
- %APPDATA%\svchost.exe
- 'sm##.live.com':587
- DNS ASK sm##.live.com
- '%APPDATA%\svchost.exe'
- '<SYSTEM32>\cmd.exe'