Technical Information
- [<HKLM>\SYSTEM\ControlSet001\Services\F10DG7Upu] 'Start' = '00000001'
- [<HKLM>\SYSTEM\ControlSet001\Services\F10DG7Upu] 'ImagePath' = '<SYSTEM32>\F10DG7Upu.sys'
- %TEMP%\nicotmp.ico
- <SYSTEM32>\F10DG7Upu.sys
- <Current directory>\lgezlljq.dll
- <Current directory>\updata\tmp.zip
- from <Current directory>\lgezlljq.dll to <Current directory>\onfntqgw.dll
- from <Current directory>\updata\tmp.zip to <Current directory>\updata\updata.zip
- 't.##.com':80
- '60.##0.218.140':8821
- 'mf.###eixian.com':8080
- 'localhost':1036
- 'si###loud.net':80
- 'tj.##zokan.com':8080
- http://t.##.com/jdg1904
- http://si###loud.net/yun2016/zhuye.txt
- http://si###loud.net/yun2016/updata.zip
- http://t.##.com/caiwen6514
- DNS ASK mf.###eixian.com
- DNS ASK my.##years.com
- DNS ASK t.##.com
- DNS ASK si###loud.net
- DNS ASK tj.##zokan.com
- ClassName: 'MS_WebcheckMonitor' WindowName: ''
- ClassName: 'MS_AutodialMonitor' WindowName: ''