Technical Information
- '<SYSTEM32>\winlogon.exe'
- <SYSTEM32>\winlogon.exe
- %TEMP%\2defe.tmp
- <SYSTEM32>\hstest.ini
- %TEMP%\2ca7a.tmp
- %TEMP%\2d71d.tmp
- %TEMP%\2defe.tmp
- %TEMP%\2d71d.tmp
- %TEMP%\2ca7a.tmp
- 'www.qk##w.com':80
- 'ha#######d.csonlinechina.com':80
- 'www.hs#n.tk':80
- 'localhost':1038
- www.qk##w.com/bai.htm
- ha#######d.csonlinechina.com/ahn.ui
- www.hs#n.tk/china.HTML
- www.hs#n.tk/cs.txt
- www.hs#n.tk/index9.htm
- DNS ASK ha#######d.csonlinechina.com
- DNS ASK www.qk##w.com
- DNS ASK www.hs#n.tk
- ClassName: 'Shell_TrayWnd' WindowName: '(null)'
- ClassName: 'MS_WebcheckMonitor' WindowName: '(null)'
- ClassName: 'MS_AutodialMonitor' WindowName: '(null)'