Technical Information
- [<HKLM>\SYSTEM\ControlSet001\Services\ServTestos] 'Start' = '00000002'
- <SYSTEM32>\cmd.exe /c ""%TEMP%\195046.bat" "
- <SYSTEM32>\svchost.exe -k ServTestos
- %TEMP%\195046.bat
- %WINDIR%\ServTestos.dll
- 'zh#####huang.ip176.com':9999
- DNS ASK zh#####huang.ip176.com