Technical Information
- [<HKLM>\System\CurrentControlSet\Services\publishmove] 'Start' = '00000002'
- [<HKLM>\System\CurrentControlSet\Services\publishmove] 'ImagePath' = '"<SYSTEM32>\publishmove.exe"'
- from <Full path to file> to <SYSTEM32>\publishmove.exe
- '23.##9.29.211':443
- '19#.#99.114.69':8080
- '80.##.23.144':443