Technical Information
- [<HKLM>\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] 'Р¦»°' = '<Full path to virus> /S'
- C:\Idle..exe
- <SYSTEM32>\ipconfig.exe
- <SYSTEM32>\svchost.exe
- C:\ipdz.txt
- C:\Idle..exe
- C:\ipdz.txt
- 'sm##.qq.com':25
- 'ip.##veroot.com':80
- ip.##veroot.com/
- DNS ASK sm##.qq.com
- DNS ASK ip.##veroot.com