Technical Information
- [<HKLM>\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] 'MSXML' = '%PROGRAM_FILES%\MSXML 4.2\MSXML.exe'
- <Full path to virus>
- %PROGRAM_FILES%\MSXML 4.2\MSXML.exe
- 'qt#####7.blog.163.com':80
- qt#####7.blog.163.com/blog/static/227577007201392781857223/
- DNS ASK qt#####7.blog.163.com
- ClassName: '(null)' WindowName: 'Microsoft Internet Explorer'