Technical Information
- [<HKCU>\Software\Microsoft\Windows\CurrentVersion\Run] 'System Health Monitoring Service Pro' = '"%TEMP%\35fa18401085b8fd.exe"'
- [<HKCU>\Software\Microsoft\Windows\CurrentVersion\RunOnce] '*System Health Monitoring Service Pro' = '"%TEMP%\35fa18401085b8fd.exe"'
- %TEMP%\35fa18401085b8fd.exe
- http://microsoft.com/
- DNS ASK microsoft.com
- DNS ASK ha###tuga.info
- DNS ASK te###atu.info
- DNS ASK te###ham.biz
- '%TEMP%\35fa18401085b8fd.exe' *
- '%TEMP%\35fa18401085b8fd.exe' ZZZZZZZQRRG