Technical Information
- [<HKLM>\System\CurrentControlSet\Services\AC] 'ImagePath' = '%HOMEPATH%\Documents\xCxpU.sys'
- <Current directory>\ac.dll
- %TEMP%\my.{20d04fe0-3aea-1069-a2d8-08002b30309d}\lock.lock
- %HOMEPATH%\gcg.txt
- %HOMEPATH%\documents\xcxpu.sys
- <Current directory>\ac.dll
- %TEMP%\my.{20d04fe0-3aea-1069-a2d8-08002b30309d}\lock.lock
- %HOMEPATH%\documents\xcxpu.sys
- from <Full path to file> to %TEMP%\1163828\....\temporaryfile
- '20##.ip138.com':80
- '10#.#0.240.220':9001
- DNS ASK ip.##inaz.com
- DNS ASK 20##.ip138.com