Technical Information
- [<HKLM>\SYSTEM\ControlSet001\Services\Driver] 'ImagePath' = 'c:\Driver.sys'
- [<HKLM>\SYSTEM\ControlSet001\Services\2JNW1J1HX1D1RH9ND9J9PF9L9RI0O0] 'ImagePath' = '%TEMP%\2JNW1J1HX1D1RH9ND9J9PF9L9RI0O0.dat'
- C:\ADriver.dll
- C:\Driver.sys
- %TEMP%\2JNW1J1HX1D1RH9ND9J9PF9L9RI0O0.dat
- 'pf##j.cn':80
- 'lo######t.ptlogin2.qq.com':4300
- http://www.pf##j.cn/3.txt via pf##j.cn
- DNS ASK www.pf##j.cn
- DNS ASK lo######t.ptlogin2.qq.com
- '<SYSTEM32>\cmd.exe' /c sc config "UxSms" start= demand
- '<SYSTEM32>\sc.exe' config "UxSms" start= demand