Technical Information
- <SYSTEM32>\winlogon.exe
- %HOMEPATH%\Local Settings\Temporary Internet Files\Content.IE5\KHMHGZ4F\h[1].php
- <SYSTEM32>\hplist.txt
- <SYSTEM32>\mn_hp.dll
- <SYSTEM32>\mn_mon.dll
- %HOMEPATH%\Local Settings\Temporary Internet Files\Content.IE5\KHMHGZ4F\h[1].php
- 'c7.##ooker.net':80
- c7.##ooker.net/h.php
- c7.##ooker.net/d.php
- DNS ASK c7.##ooker.net
- '<Private IP address>':1035