Technical Information
- [<HKCU>\Software\Microsoft\Windows\CurrentVersion\Run] 'TencenQQ' = '<Full path to virus>'
- C:\TDDownload\TDTools\FreeDesk_cpa90.exe (downloaded from the Internet)
- C:\TDDownload\TDTools\FreeDesk_cpa90.exe
- %HOMEPATH%\Local Settings\Temporary Internet Files\Content.IE5\KHMHGZ4F\FreeDesk_cpa90[1].exe
- 'd1.###rotect.net':90
- 'www.ea##.com.cn':80
- www.ea##.com.cn/frame/upload/client/llclient/FreeDesk_cpa90.exe
- DNS ASK d1.###rotect.net
- DNS ASK www.ea##.com.cn
- '<Private IP address>':1036
- ClassName: 'Indicator' WindowName: ''