Technical Information
- [<HKCU>\Software\Microsoft\Windows\CurrentVersion\Run] 'chrome' = 'Rundll32.exe SHELL32.DLL,ShellExec_RunDLL %APPDATA%\Microsoft\F42B2C6132C395D1A6A398D21A9BE0D1\taskwgr.exe'
- %APPDATA%\Microsoft\F42B2C6132C395D1A6A398D21A9BE0D1\taskwgr.exe
- %TEMP%\784942850
- %TEMP%\nsr2.tmp
- 'ip##pi.com':80
- http://ip##pi.com/json
- DNS ASK ip##pi.com