Technical Information
- '%TEMP%\2a.exe'
- '%PROGRAM_FILES%\pczh_110_167670.exe' (downloaded from the Internet)
- '<SYSTEM32>\notepad.exe' %TEMP%\ab.txt
- %TEMP%\ab.txt
- %TEMP%\2a.exe
- %TEMP%\2007.txt
- 'do#####ds.t3nlink.com':80
- 'do##.##inashangrui.com':80
- 'xz.###hicheng.com':80
- 'www.ym##.com':80
- do#####ds.t3nlink.com/packages/g_wz/default2/qs-zm-167539-v1.exe
- do##.##inashangrui.com/sousuo/xkss_50091167615.exe
- xz.###hicheng.com/n/pczh_110_167670.exe
- www.ym##.com/html/qq.exe
- DNS ASK do#####ds.t3nlink.com
- DNS ASK do##.##inashangrui.com
- DNS ASK xz.###hicheng.com
- DNS ASK www.ym##.com
- ClassName: 'Shell_TrayWnd' WindowName: '(null)'
- ClassName: 'EDIT' WindowName: '(null)'