Technical Information
- <SYSTEM32>\dllcache\services.exe with <SYSTEM32>\dllcache\services.exe
- <SYSTEM32>\services.exe with <SYSTEM32>\services.exe
- <SYSTEM32>\internet.dll
- <SYSTEM32>\ctfmon.exe.dat
- <SYSTEM32>\internet.dll
- from <SYSTEM32>\dllcache\services.exe to <SYSTEM32>\dllcache\services.exe.bak
- from <SYSTEM32>\services.exe to <SYSTEM32>\services.exe.bak
- from <Full path to virus> to %TEMP%\QQShell.exe
- 'www.5u##sf.com':9878
- DNS ASK www.5u##sf.com