Technical Information
- [<HKCU>\Software\Microsoft\Windows\CurrentVersion\Run] '5a48bf5608885ba5358450914419d81c' = '"%TEMP%\scvhost.exe" ..'
- [<HKLM>\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Run] '5a48bf5608885ba5358450914419d81c' = '"%TEMP%\scvhost.exe" ..'
- %APPDATA%\microsoft\windows\start menu\programs\startup\5a48bf5608885ba5358450914419d81c.exe
- '%WINDIR%\syswow64\netsh.exe' firewall add allowedprogram "%TEMP%\scvhost.exe" "scvhost.exe" ENABLE (adds a Windows Firewall allowed-program exception for the dropped file)
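- %TEMP%\scvhost.exe (the name imitates the legitimate Windows svchost.exe, which runs from %WINDIR%\System32, not from %TEMP%)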
- 'ez####b414.ddns.net':502 (dynamic-DNS hostname on port 502; the '#' characters are masking in the published name)
- DNS ASK ez####b414.ddns.net
- '%TEMP%\scvhost.exe'
- '%WINDIR%\syswow64\netsh.exe' firewall add allowedprogram "%TEMP%\scvhost.exe" "scvhost.exe" ENABLE (with hidden window)