Technical Information
- [<HKLM>\System\CurrentControlSet\Services\1AAC4Ql6S] 'ImagePath' = '%WINDIR%\1AAC4Ql6S.sys'
- [<HKLM>\System\CurrentControlSet\Services\1AAC4Ql6S] 'Start' = '00000001'
- '1AAC4Ql6S' %WINDIR%\1AAC4Ql6S.sys
- DNS server to '114.114.114.114'
- DNS server to '<DNS_SERVER>'
- %WINDIR%\1aac4ql6s.sys
- <DRIVERS>\ab82spjx.sys