Technical Information
- [<HKCU>\Software\Microsoft\Windows\CurrentVersion\Run] '-+-hjfd76868-+-' = '%TEMP%\{--~~mcsft~~--}\svchoster.exe'
- <Full path to virus>:Zone.Identifier
- %TEMP%\{--~~mcsft~~--}\svchoster.exe
- 'mq#.#apto.org':1994
- DNS ASK mq#.#apto.org
- '<Private IP address>':1036
- ClassName: 'Indicator' WindowName: ''