Technical Information
- [HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Run] 'Host Process for Windows Services' = '%APPDATA%\Microsoft\svchost.exe'
- %APPDATA%\microsoft\svchost.exe
- %APPDATA%\microsoft\inst_chk.bin
- %WINDIR%\syswow64\test.txt
- 'fr###eoip.net':80
- http://fr###eoip.net/xml/
- http://fr###eoip.net/shutdown
- DNS ASK fr###eoip.net
- '%APPDATA%\microsoft\svchost.exe'