Technical Information
- [<HKLM>\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] 'cpan<File name>.exe' = '<Full path to file>'
- <Current directory>\ИХЦѕ.ini
- %WINDIR%\SysWOW64
- 'zj#.##otibang.net':4100
- '12#.#25.114.144':80
- http://do####ck.baidu.com/appsearch_AndroidPhone_v8.0.3(1.0.65.172)_1012271b.apk via 12#.#25.114.144
- DNS ASK zj#.##otibang.net
- DNS ASK do####ck.baidu.com
- '<SYSTEM32>\cmd.exe' /c copy /y "<File name>.exe" "%WINDIR%\SysWOW64"