Technical Information
- [<HKLM>\SOFTWARE\Classes\exefile\shell\open\command] '' = '<SYSTEM32>\svсhost.exe %L %*'
- '<SYSTEM32>\svсhost.exe' <APATH_<Auxiliary name>.EXE> /pid=0xad4 /log
- '<SYSTEM32>\svсhost.exe' <APATH_DUMPER.EXE> 0xad4 wmpnscfg.exe
- '<SYSTEM32>\svсhost.exe' <APATH_<Auxiliary name>.EXE> /pid=0x944 /log
- '<SYSTEM32>\svсhost.exe' <APATH_DUMPER.EXE> 0x944 dllhost.exe
- <Auxiliary element>
- <SYSTEM32>\svсhost.exe
- DNS ASK dn#.##ftncsi.com
- DNS ASK www.yo###ackup.ru
- ClassName: 'Shell_TrayWnd' WindowName: ''