Technical Information
- [<HKLM>\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] 'FiReWall' = '%WINDIR%\svahost.exe'
- hidden files
- %WINDIR%\svahost.exe
- <SYSTEM32>.ini
- <SYSTEM32>.ini
- 'ba####dz.no-ip.biz':6667
- DNS ASK ba####dz.no-ip.biz
- '<Private IP address>':1035