Technical Information
- [<HKLM>\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] 'Safetray\' = '<SYSTEM32>\<File name>.exe'
- '<SYSTEM32>\reg.exe' add HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run /v Safetray\ /d <SYSTEM32>\<File name>.exe /f
- <SYSTEM32>\<File name>.exe
- 'localhost':1039
- 'au##.#earch.msn.com':80
- 'tj.##245.com':82
- 'aa#.#2245.com':80
- http://au##.#earch.msn.com/response.asp?MT###########################
- http://aa#.#2245.com/sogou/sogou_click_jsxs.php
- DNS ASK au##.#earch.msn.com
- DNS ASK aa#.#2245.com
- DNS ASK tj.##245.com
- ClassName: 'MS_WebcheckMonitor' WindowName: ''
- ClassName: 'MS_AutodialMonitor' WindowName: ''
- ClassName: 'Shell_TrayWnd' WindowName: ''