Technical Information
- [<HKLM>\SYSTEM\CurrentControlSet\Services\510037] 'ImagePath' = '<Current directory>\510037.sys'
- <Current directory>\510037.sys
- <Current directory>\510037.sys
- 'we#.#l123.top':8080
- http://we#.#l123.top/x64.html
- http://im####.baidu.com/tieba/pic/item/2cf5e0fe9925bc3141b05ace51df8db1ca1370f2.jpg
- http://im####.baidu.com/tieba/pic/item/2fdda3cc7cd98d10110862672e3fb80e7aec9083.jpg
- http://im####.baidu.com/tieba/pic/item/fd039245d688d43f2acab7a5721ed21b0ef43b01.jpg
- http://38.##.100.148/?a=#####################################
- DNS ASK in###nic.com
- DNS ASK we#.#l123.top
- DNS ASK im####.baidu.com