Technical Information
- [<HKLM>\Software\Microsoft\Windows\CurrentVersion\Run] 'svchost.scr' = '%TEMP%\svchost.scr'
- <PATH_SAMPLE>atubcopy
- %TEMP%\svchost.scr
- %TEMP%\svchostatubcopy
- <PATH_SAMPLE>atubcopy
- %TEMP%\svchostatubcopy
- '%TEMP%\svchost.scr'
- '%TEMP%\svchost.scr' ' (with hidden window)