Technical Information
- [<HKCU>\Software\Microsoft\Windows\CurrentVersion\Run] 'srravwwi' = '"%LOCALAPPDATA%\kltulhhh.exe"'
- %WINDIR%\syswow64\svchost.exe
- %LOCALAPPDATA%\kltulhhh.exe
- '19#.#.62.166':8080
- '11#.#9.6.237':443
- '91.##1.208.114':8080
- http://19#.#.62.166:8080/index.php via 19#.#.62.166
- '%WINDIR%\syswow64\svchost.exe'