Technical Information
- [<HKLM>\System\CurrentControlSet\Services\Bcdefg] 'Start' = '00000002'
- [<HKLM>\System\CurrentControlSet\Services\Bcdefg] 'ImagePath' = '%WINDIR%\svchost.exe'
- 'Bcdefg' %WINDIR%\svchost.exe
- %WINDIR%\svchost.exe
- C:\3932.vbs
- C:\3932.vbs
- '61.##7.103.106':8090
- ClassName: 'CTXOPConntion_Class' WindowName: ''
- '%WINDIR%\svchost.exe'
- '%WINDIR%\syswow64\wscript.exe' "C:\3932.vbs"
- '%WINDIR%\svchost.exe' Win7
- '%WINDIR%\syswow64\wscript.exe' "C:\3932.vbs" (with hidden window)