Technical Information
- [HKLM\System\CurrentControlSet\Services\empty] 'ImagePath' = '<SYSTEM32>\QQProtect.sys'
- 'empty' <SYSTEM32>\\QQProtect.sys
- %WINDIR%\syswow64\qqprotect.sys
- <Current directory>\ВІГҐВјГѕ.dll
- C:\gg.ini
- %WINDIR%\syswow64\qqprotect.sys
- <Current directory>\ВІГҐВјГѕ.dll
- 'x1.#7yz.com':80
- http://x1.#7yz.com/y28/
- DNS ASK x1.#7yz.com