Technical Information
- '%WINDIR%\syswow64\taskkill.exe' /f /im ВіВїГЄГ¿ìµÝÅúÁ¿²éѯ¸ßÊÖ.exe
- <Current directory>\data\d1kf.dll
- <Current directory>\data\cxcode.dll
- <Current directory>\gzip.dll
- <Current directory>\×ô¶¯éý¼¶.exe
- <Current directory>\kd.zip
- <Current directory>\¸üðâëµã÷.txt
- <Current directory>\鱶¾èГВјГѕГ¬Г¼óðåèîµä·½·¨.txt
- <Current directory>\³¿êø¿ìµýåúῲéñ¯¸ßêö.exe
- <Current directory>\kd.zip
- http://www.d1##.com/down/kd.zip
- http://ab#.#1kf.com/newchenxikd/new1.php?id########
- DNS ASK ab#.#1kf.com
- DNS ASK d1##.com
- ClassName: 'MS_AutodialMonitor' WindowName: ''
- ClassName: 'MS_WebCheckMonitor' WindowName: ''
- ClassName: '' WindowName: ''
- '<Current directory>\×ô¶¯éý¼¶.exe'
- '%WINDIR%\syswow64\taskkill.exe' /f /im ВіВїГЄГ¿ìµÝÅúÁ¿²éѯ¸ßÊÖ.exe' (with hidden window)