Technical Information
- [<HKCU>\software\microsoft\windows\currentversion\run] 'Scvhost' = '%TEMP%\Microsoft\Scvhost.exe'
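- %APPDATA%\microsoft\windows\start menu\programs\startup\svchost.exe (spelled "svchost" here, unlike the "Scvhost" name used under %TEMP%; both imitate the genuine Windows svchost.exe, which runs from %WINDIR%\System32, so either name at these user-writable paths should be treated as suspicious)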
- %TEMP%\microsoft\scvhost.exe
- %TEMP%\mlt.tmp
- %TEMP%\microsoft\scvhost.exe
- %TEMP%\mlt.tmp
- 'nu####020.hopto.org':808
- DNS ASK nu####020.hopto.org
- ClassName: 'Shell_traywnd' WindowName: ''
- '%TEMP%\microsoft\scvhost.exe'
- '%WINDIR%\syswow64\cmd.exe' /k ping 0 & del "%TEMP%\Microsoft\Scvhost.exe" & exit (with hidden window)
- '%WINDIR%\syswow64\cmd.exe' /k ping 0 & del "%TEMP%\Microsoft\Scvhost.exe" & exit
- '%WINDIR%\syswow64\ping.exe' 0