Technical Information
- [<HKLM>\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run] 'name' = '%WINDIR%\svchost.exe'
- from <Full path to file> to %WINDIR%\svchost.exe
- 'ji######20.e2.luyouxia.net':34526
- '12#.#32.153.66':1981
- http://www.xl##.net/at.txt
- DNS ASK xl##.net
- DNS ASK ji######20.e2.luyouxia.net