Technical Information
- [<HKLM>\System\CurrentControlSet\Services\EventSystemRoot] 'Start' = '00000002'
- [<HKLM>\System\CurrentControlSet\Services\EventSystemRoot] 'ImagePath' = '<SYSTEM32>\svchost.exe -k imgsvc'
- C:\wintemp.ini
- %ProgramFiles(x86)%\google\google.html
- DNS ASK fm####.publicvm.com
- DNS ASK ai.#####.com.haoqimi.com
- '%WINDIR%\syswow64\rundll32.exe' "%ProgramFiles(x86)%\google\google.html",main