Technical Information
- <SYSTEM32>\tasks\ГЇВµГ³éý¼¶
- %ALLUSERSPROFILE%\rundl123.exe
- C:\users\public\documents\netuser.tmp
- %ALLUSERSPROFILE%\rundl123.exe
- '38.##.220.105':1150
- 'wh###.#conline.com.cn':80
- http://wh###.#conline.com.cn/jsFunction.jsp
- '38.##.220.105':1150
- DNS ASK wh###.#conline.com.cn
- ClassName: 'CTXOPConntion_Class' WindowName: ''
- '%ALLUSERSPROFILE%\rundl123.exe'
- '%ALLUSERSPROFILE%\rundl123.exe' ' (with hidden window)