Technical Information
- [<HKLM>\SYSTEM\ControlSet001\Services\VSS Server] 'Start' = '00000002'
- '%PROGRAM_FILES%\Microsoft Xonkxo\svchost.exe'
- '<SYSTEM32>\wbem\wmiadap.exe' /R /T
- %PROGRAM_FILES%\AppPatch\8.58.dll
- C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\CJCTQ25G\8.58[1].dll
- %PROGRAM_FILES%\Microsoft Xonkxo\svchost.exe
- '11##mc.com':80
- 11##mc.com/cj/8.58.dll
- DNS ASK 11##mc.com