Technical Information
- '%TEMP%\svchost.exe' inject
- '%TEMP%\svchost.exe' (downloaded from the Internet)
- %TEMP%\svchost.exe
- %HOMEPATH%\Local Settings\Temporary Internet Files\Content.IE5\KHMHGZ4F\inject[1].jpg
- %HOMEPATH%\Local Settings\Temporary Internet Files\Content.IE5\KHMHGZ4F\inject[1].jpg
- 'ad####el.3322.org':80
- 'localhost':1035
- ad####el.3322.org/update/inject.jpg
- DNS ASK ad####el.3322.org