Technical Information
- [<HKLM>\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] 'windowsss' = '<SYSTEM32>\<File name>b.exe'
- '<SYSTEM32>\<File name>b.exe'
- <SYSTEM32>\<File name>b.exe
- 'dk.##900.com':900
- 'ab.##900.com':900
- 'ji#.#i900.com':901
- DNS ASK dk.##900.com
- DNS ASK ab.##900.com
- DNS ASK ji#.#i900.com
- ClassName: 'TfrmMain' WindowName: 'ґ«ЖжКАЅзµЗВјЖч'
- ClassName: 'TfrmMain' WindowName: '??????????????'