Technical Information
- [<HKLM>\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\policies\Explorer\Run] 'SVCHOST' = '%WINDIR%\mmhost.exe'
- %WINDIR%\mmhost.exe
- DNS ASK xz###.hopto.org
- '%WINDIR%\mmhost.exe'
- '%WINDIR%\mmhost.exe' ' (with hidden window)