Technical Information
- [<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon] 'shell' = 'Explorer.exe jshelp.exe'
- %WINDIR%\regedit.exe <Auxiliary element>
- <Auxiliary element>
- <SYSTEM32>\YMHQIRL.DLL
- <SYSTEM32>\wbem\PKAEXTFEOU.DLL
- <SYSTEM32>\7k8kkT.dll
- <SYSTEM32>\wbem\YODZKEF.MDA
- 'www.hj##123.com':80
- 'www.17##3.com':80
- www.hj##123.com/dfiles/txt/corphff.txt
- www.17##3.com/
- DNS ASK www.hj##123.com
- DNS ASK www.17##3.com
- ClassName: 'MS_WINHELP' WindowName: ''
- ClassName: 'RegEdit_RegEdit' WindowName: ''