Technical Information
- <SYSTEM32>\tasks\ГЇВµГ³éý¼¶
- Handler for all processes: %TEMP%\hdz_121856.dll
- C:\users\public\documents\netuser.tmp
- %TEMP%\hdz_121856.dll
- <Full path to file>
- '38.##1.24.38':1150
- 'wh###.#conline.com.cn':80
- http://wh###.#conline.com.cn/jsFunction.jsp
- DNS ASK wh###.#conline.com.cn
- '<SYSTEM32>\rundll32.exe' %TEMP%\hdz_121856.dll,StartHook (with hidden window)
- '<SYSTEM32>\rundll32.exe' %TEMP%\hdz_121856.dll,StartHook