Technical Information
- [<HKLM>\SYSTEM\ControlSet001\Services\OpnSmi] 'Start' = '00000002'
- <SYSTEM32>\syslog.txt
- <SYSTEM32>\ModProtect.sys
- 'a.###yyyyy.cn':80
- 'dd.##10se.com':80
- a.###yyyyy.cnhttp://a.ytyyyyyy.cn/website/1.txt
- dd.##10se.comhttp://dd.2010se.com/website/ModProtect.exe
- DNS ASK a.###yyyyy.cn
- DNS ASK dd.##10se.com
- ClassName: 'Shell_TrayWnd' WindowName: ''