Technical Information
- [<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon] 'Userinit' = '<SYSTEM32>\userinit.exe,%WINDIR%\Googleiv.exe'
- %WINDIR%\Googleiv.exe
- %TEMP%\15243.jpg
- %HOMEPATH%\Local Settings\Temporary Internet Files\Content.IE5\69I9OPW5\count[1].asp
- %WINDIR%\Googleiv.exe
- C:\MyTemp
- %HOMEPATH%\Local Settings\Temporary Internet Files\Content.IE5\69I9OPW5\count[1].asp
- %TEMP%\15243.jpg
- C:\MyTemp
- 'v1##hop.com':80
- '73##d.com':80
- v1##hop.com/count.asp?ma############################
- 73##d.com/2013.txt
- DNS ASK v1##hop.com
- DNS ASK 73##d.com