Technical Information
- [<HKLM>\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] 'Windows Config' = '"%WINDIR%\updsvchosts.exe"'
- %WINDIR%\updsvchosts.exe
- <Auxiliary element>
- %TEMP%\aut2.tmp
- %HOMEPATH%\Local Settings\Temporary Internet Files\Content.IE5\KHMHGZ4F\gate[1].htm
- %WINDIR%\updsvchosts.exe
- %TEMP%\aut1.tmp
- %APPDATA%\sfe.rtf
- %TEMP%\aut2.tmp
- %HOMEPATH%\Local Settings\Temporary Internet Files\Content.IE5\KHMHGZ4F\gate[1].htm
- %TEMP%\aut1.tmp
- %APPDATA%\sfe.rtf
- 'ro###yuds.com':80
- '62.##.184.96':80
- ro###yuds.com/gate.php
- 62.##.184.96/gate.php
- DNS ASK ro###yuds.com