Technical Information
- [<HKCU>\Software\Microsoft\Windows\CurrentVersion\Run] 'vv' = '<SYSTEM32>\rundll32.exe "<Current directory>\Killeds.dll",gPack'
- '<SYSTEM32>\rundll32.exe' "<Current directory>\Killeds.dll",gPack
- ClassName: 'OLLYDBG', WindowName: ''
- ClassName: 'FileMonClass', WindowName: ''
- <Current directory>\Killeds.dll
- 'bl##.#ina.com.cn':80
- http://bl##.#ina.com.cn/u/5617029699
- DNS ASK bl##.#ina.com.cn
- DNS ASK gm#.#hnlab.com
- ClassName: '18467-41', WindowName: ''