Technical Information
- [<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows] 'LoadAppInit_DLLs' = '00000001'
- [<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows] 'AppInit_DLLs' = '%WINDIR%\Skin.dll'
- '<SYSTEM32>\ping.exe' 127.0.0.1
- '<SYSTEM32>\cmd.exe' /c ping 127.0.0.1 && del /q "<Full path to file>"
- %WINDIR%\Skin.dll
- 'tj.##ingweb.com':80
- http://tj.##ingweb.com/api.php?ma#######################################################
- DNS ASK tj.##ingweb.com
- ClassName: 'jjhgame' WindowName: '????????'
- ClassName: 'jjhgame' WindowName: '游戏大厅'
- ClassName: 'ChenLongGamePlaza' WindowName: '游戏大厅'
- ClassName: 'Progman' WindowName: 'Program Manager'
- ClassName: 'ChenLongGamePlaza' WindowName: '????????'