Technical Information
- [<HKLM>\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run] 'XXXXXX8B8BB23E' = '%WINDIR%\XXXXXX8B8BB23E\svchsot.exe'
- from <Full path to file> to %WINDIR%\xxxxxx8b8bb23e\svchsot.exe
- '11#.#.48.141':8000
- 'localhost':8000
- ClassName: '' WindowName: 'ÈðÐdzÌÐòÉý¼¶ÖÐ'