Technical Information
- [HKLM\System\CurrentControlSet\Services\Vkfmms Cgojgrhn Plw] 'Start' = '00000002'
- [HKLM\System\CurrentControlSet\Services\Vkfmms Cgojgrhn Plw] 'ImagePath' = '<SYSTEM32>\svchost.exe -k imgsvc'
- 'Vkfmms Cgojgrhn Plw' <SYSTEM32>\svchost.exe -k imgsvc
- %WINDIR%\temp\201111123718.exe
- %WINDIR%\temp\201111123720.exe
- C:\2701900.dll
- C:\nt_path.jpg
- C:\net-temp.ini
- %ProgramFiles(x86)%\ewar\xmhnxrhkf.jpg
- C:\net-temp.ini
- DNS ASK te####2.3322.org
- DNS ASK sh#####uanjian.3322.org
- '%WINDIR%\temp\201111123718.exe'
- '%WINDIR%\temp\201111123720.exe'