Technical Information
- C:\pubgcatalog.ini
- %TEMP%\49656e691478bfbff406f1ap.dll
- %TEMP%\49656e691478bfbff406f1ap.exe
- http://ap##.#ame.qq.com/comm-htdocs/ip/get_ip.php
- DNS ASK ap##.#ame.qq.com
- '%TEMP%\49656e691478bfbff406f1ap.exe'
- '%TEMP%\49656e691478bfbff406f1ap.exe' (with hidden window)
- '%WINDIR%\syswow64\net.exe' start UxSms (with hidden window)
- '%WINDIR%\syswow64\net.exe' start UxSms
- '%WINDIR%\syswow64\net1.exe' start UxSms