Technical Information
- [<HKLM>\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] 'Host process for Windows' = '%APPDATA%\Microsoft Interface\svhost.exe'
- '' (downloaded from the Internet)
- %APPDATA%\Microsoft Interface\svchost32.exe
- %APPDATA%\Microsoft Interface\svhost.exe
- %APPDATA%\Microsoft Interface\svchost32.exe
- %APPDATA%\Microsoft Interface\svhost.exe
- 'my##iles.ru':80
- http://my##iles.ru/Save/wpy56k/Apo32-12u0io3hjk2903123bita32.txt
- http://my##iles.ru/Save/hhvecu/yuh12j31283ygu1b23khost.txt
- DNS ASK my##iles.ru
- '%APPDATA%\Microsoft Interface\svhost.exe'