Technical Information
- [<HKLM>\SYSTEM\ControlSet001\Services\9339bWJLl] 'ImagePath' = '%WINDIR%\9339bWJLl.sys'
- %WINDIR%\9339bWJLl.sys
- 'si###torage.com':80
- 'bl##.#ina.com.cn':80
- 'py#####56.blog.163.com':80
- http://si###torage.com/yun2016/Atshz.txt
- http://bl##.#ina.com.cn/s/blog_1520508500102wnfh.html
- http://py#####56.blog.163.com/blog/static/263923002201662871155573
- http://si###torage.com/yun2016/B32d.rar
- DNS ASK si###torage.com
- DNS ASK bl##.#ina.com.cn
- DNS ASK py#####56.blog.163.com