Technical Information
- [<HKLM>\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Run] '<File name>.exe' = '<Full path to file>'
- [<HKLM>\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Run] 'HD_ls.exe' = '<SYSTEM32>\HD_ls.exe'
- %TEMP%\1.dat
- %WINDIR%\hd_.exe
- <Current directory>\hd_<File name>.exe
- %WINDIR%\syswow64\hd_ls.exe
- <Current directory>\hd_<File name>.exe
- '<Current directory>\hd_<File name>.exe'