Technical Information
- <SYSTEM32>\upnpcont.exe
- <SYSTEM32>\d9gbi.dll
- <SYSTEM32>\ihgfe.dll
- <SYSTEM32>\cbazy.dll
- <SYSTEM32>\xwvus.dll
- <SYSTEM32>\rqpon.dll
- <SYSTEM32>\mtsrp.dll
- <SYSTEM32>\microsoft\svchost.exe
- %TEMP%\regini.txt
- %TEMP%\task.bat
- <SYSTEM32>\microsoft\svchost.exe
- %TEMP%\regini.txt
- %TEMP%\task.bat
- 'ma#.#aidu.com':80
- '<SYSTEM32>\microsoft\svchost.exe'
- '<SYSTEM32>\cmd.exe' /c %TEMP%\task.bat (with hidden window)
- '<SYSTEM32>\upnpcont.exe'
- '<SYSTEM32>\cmd.exe' /c %TEMP%\task.bat
- '<SYSTEM32>\regini.exe' %TEMP%\regini.txt