Technical Information
- [<HKLM>\SYSTEM\ControlSet001\Services\Driver] 'ImagePath' = 'c:\Driver.sys'
- [<HKLM>\SYSTEM\ControlSet001\Services\9JN5BGS2Q] 'ImagePath' = '%TEMP%\9JN5BGS2Q.dat'
- C:\ADriver.dll
- C:\Driver.sys
- %TEMP%\9JN5BGS2Q.dat
- 'pf##j.cn':80
- 'lo######t.ptlogin2.qq.com':4300
- http://www.pf##j.cn/3.txt via pf##j.cn
- DNS ASK www.pf##j.cn
- DNS ASK lo######t.ptlogin2.qq.com
- '<SYSTEM32>\cmd.exe' /c sc config "UxSms" start= demand
- '<SYSTEM32>\sc.exe' config "UxSms" start= demand