Technical Information
- [<HKCU>\Software\Microsoft\Windows\CurrentVersion\Run] 'a4f5fc179540a0b155d91b489e6811e2' = '<Full path to file>'
- <Current directory>\svchosts.exe
- '<Current directory>\svchosts.exe'
- '<SYSTEM32>\windowspowershell\v1.0\powershell.exe' Get-MpPreference -verbose