Technical Information
- [<HKLM>\System\CurrentControlSet\Services\Rslhwn edxrvuev] 'Start' = '00000002'
- [<HKLM>\System\CurrentControlSet\Services\Rslhwn edxrvuev] 'ImagePath' = '%ProgramFiles(x86)%\svchost.exe'
- 'Rslhwn edxrvuev' %ProgramFiles(x86)%\svchost.exe
- %ProgramFiles(x86)%\svchost.exe
- from <Full path to file> to %WINDIR%\syswow64\1181333.bak
- 'te##.###ebook-shoping.com':8080
- DNS ASK te##.###ebook-shoping.com
- '%ProgramFiles(x86)%\svchost.exe'
- '%ProgramFiles(x86)%\svchost.exe' Win7