Technical Information
- [<HKLM>\System\CurrentControlSet\Services\api_socket_service] 'Start' = '00000002'
- [<HKLM>\System\CurrentControlSet\Services\api_socket_service] 'ImagePath' = '%PROGRAMDATA%\17f2f5d1e1\5d27f2bd37.exe'
- %PROGRAMDATA%\17f2f5d1e1\5d27f2bd37.exe
- %WINDIR%\temp\imac843.tmp
- %WINDIR%\temp\imac843.tmp
- '54.##.158.224':63334
- '%PROGRAMDATA%\17f2f5d1e1\5d27f2bd37.exe'