Technical Information
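Registry values for service start type (a 'Start' value of 2 means the service starts automatically at boot, which is consistent with the `sc.exe config ... start= AUTO` commands listed below):
- [<HKLM>\SYSTEM\ControlSet001\Services\RasMan] 'Start' = '00000002'
- [<HKLM>\SYSTEM\ControlSet001\Services\Eventlog] 'Start' = '00000002'
- [<HKLM>\SYSTEM\ControlSet001\Services\TapiSrv] 'Start' = '00000002'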
- '<SYSTEM32>\sc.exe' config SstpSvc start= AUTO
- '<SYSTEM32>\sc.exe' start eventlog
- '<SYSTEM32>\sc.exe' config RasMan start= AUTO
- '<SYSTEM32>\sc.exe' start SstpSvc
- '<SYSTEM32>\sc.exe' config TapiSrv start= AUTO
- '<SYSTEM32>\cmd.exe' /c %TEMP%\jcwbxz.bat
- '<SYSTEM32>\sc.exe' config eventlog start= AUTO
- '<SYSTEM32>\sc.exe' start TapiSrv
- C:\jsquser.ini
- %TEMP%\jcwbxz.bat
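Network endpoints ('#' is not a valid host-name character, so it appears to be a masking placeholder in this report rather than part of the real name; the same masking appears in the URLs and DNS entries below, so these strings cannot be used verbatim as blocklist or search indicators):
- 'li###.qqjinpai.com':80
- 'li##.#qjinpai.com':80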
- 'localhost':1037
- http://li###.qqjinpai.com/vip/jsq/banben.txt
- http://li##.#qjinpai.com/vip/jsq/2.1/gg.html
- http://li##.#qjinpai.com/vip/jsq/banben.txt
- DNS ASK (DNS query) li###.qqjinpai.com
- DNS ASK (DNS query) li##.#qjinpai.com
- ClassName: 'MS_WebcheckMonitor' WindowName: ''
- ClassName: 'MS_AutodialMonitor' WindowName: ''