Technical Information
- [<HKLM>\System\CurrentControlSet\Services\QRSbUPMC.sys] 'ImagePath' = '%TEMP%\pWNpf.sys'
- [<HKLM>\SYSTEM\CurrentControlSet\Services\pWNpf] 'ImagePath' = '<DRIVERS>\pWNpf.sys'
- [<HKLM>\SYSTEM\CurrentControlSet\Services\pWNpf] 'Start' = '00000000'
- 'QRSbUPMC.sys' %TEMP%\pWNpf.sys
- 'pWNpf' <DRIVERS>\pWNpf.sys
- %HOMEPATH%\register_x99.dat
- %TEMP%\pwnpf.sys
- <DRIVERS>\pwnpf.sys
- <SYSTEM32>\config\hardware
- 'dw.##fc888.com':8081
- http://dw.###c888.com:8081/baseadmin/openApi/9hyx7 via dw.##fc888.com
- http://dw.###c888.com:8081/baseadmin/openApi/ux76i via dw.##fc888.com
- DNS ASK dw.##fc888.com