Technical Information
- [<HKLM>\System\CurrentControlSet\Services\5yyz] 'ImagePath' = '%TEMP%\ANTI.sys'
- <Current directory>\adsl.dll
- C:\baidu.js
- %TEMP%\1f6.tmp
- %TEMP%\283.tmp
- %TEMP%\2c3.tmp
- %TEMP%\968.tmp
- %TEMP%\9a7.tmp
- %TEMP%\9c8.tmp
- %TEMP%\9d8.tmp
- %TEMP%\a18.tmp
- %TEMP%\a38.tmp
- %TEMP%\a49.tmp
- %TEMP%\a79.tmp
- %TEMP%\a99.tmp
- %TEMP%\anti.sys
- <Current directory>\随便1.txt
- <Current directory>\adsl.dll
- C:\baidu.js
- %TEMP%\1f6.tmp
- %TEMP%\283.tmp
- %TEMP%\2c3.tmp
- %TEMP%\968.tmp
- %TEMP%\9a7.tmp
- %TEMP%\9c8.tmp
- %TEMP%\9d8.tmp
- %TEMP%\a18.tmp
- %TEMP%\a38.tmp
- %TEMP%\a49.tmp
- %TEMP%\a79.tmp
- %TEMP%\a99.tmp
- %TEMP%\anti.sys
- C:\baidu.js
- http://ar####0703.icoc.vc/col.jsp?id####
- http://2.##yz.com/UserC2
- DNS ASK c1.#yyz.com
- DNS ASK 2.##yz.com
- DNS ASK ar####0703.icoc.vc
- '%WINDIR%\syswow64\cmd.exe' /c regsvr32 -s c:\baidu.js
- '%WINDIR%\syswow64\regsvr32.exe' -s c:\baidu.js