Technical Information
- [<HKLM>\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] 'auidsv' = 'rundll32.exe "%APPDATA%\auidsv.dll",ChConvertFromHex'
- %APPDATA%\auidsv.dll
- DNS ASK 12#####.##n99.etchostingupload.com
- ClassName: 'Static' WindowName: ''
- '%WINDIR%\syswow64\rundll32.exe' "%APPDATA%\auidsv.dll",ChConvertFromHex