Technical Information
- [<HKLM>\SYSTEM\ControlSet001\Services\BITS] 'Start' = '00000002'
- <SYSTEM32>\qmgr.dll with <SYSTEM32>\qmgr.dll
- <SYSTEM32>\dllcache\qmgr.dll with <SYSTEM32>\dllcache\qmgr.dll
- %WINDIR%\dll.bak with <SYSTEM32>\qmgr.dll
- C:\file.tmp
- C:\file.tmp
- from <SYSTEM32>\dllcache\qmgr.dll to %WINDIR%\dll.bak
- 'qq####1310.3322.org':1987
- DNS ASK qq####1310.3322.org