Technical Information
Registry:
- [<HKLM>\System\CurrentControlSet\Services\3A79GcxKf] 'ImagePath' = '%WINDIR%\3A79GcxKf.sys'
Service:
- '3A79GcxKf' %WINDIR%\3A79GcxKf.sys
Files:
- %WINDIR%\3a79gcxkf.sys
- %WINDIR%\temp\udd70cc.tmp
- %WINDIR%\temp\udd7899.tmp
- %WINDIR%\temp\udd8077.tmp
- %WINDIR%\temp\udd8854.tmp
- %WINDIR%\temp\udd9032.tmp
- %WINDIR%\temp\udd980f.tmp
Network connections:
- 'si###torage.com':80
- 'bl##.#ina.com.cn':80
- 'py#####56.blog.163.com':80
HTTP requests:
- http://si###torage.com/yun2016/Atshz.txt
- http://bl##.#ina.com.cn/s/blog_1520508500102wnfh.html
- http://py#####56.blog.163.com/blog/static/263923002201662871155573
- http://si###torage.com/yun2016/B64d.rar
DNS queries:
- DNS ASK si###torage.com
- DNS ASK bl##.#ina.com.cn
- DNS ASK py#####56.blog.163.com
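The list above mixes five kinds of indicator in one flat format (a registry value, a service entry, file paths, host:port connections, HTTP requests and DNS lookups), and two things trip up anyone who pastes it straight into a hunt or a blocklist: the driver path appears three times with different letter case (NTFS paths are case-insensitive, so they are one file), and the hostnames are masked by the publisher with '#', so they cannot be blocked or resolved verbatim. The parser below is an added example, not part of the original report; its only input is a constructed string holding a subset of the report's own lines, and the Windows directory used by expand_windir is an assumed value, since the report only gives the %WINDIR% placeholder.

```python
"""Parse a flat indicator list of the kind shown above into typed IOCs.

Added example, not part of the original report. REPORT below is a constructed
string built from a subset of the report's own lines.
"""
import re

REPORT = r"""
- [<HKLM>\System\CurrentControlSet\Services\3A79GcxKf] 'ImagePath' = '%WINDIR%\3A79GcxKf.sys'
- '3A79GcxKf' %WINDIR%\3A79GcxKf.sys
- %WINDIR%\3a79gcxkf.sys
- %WINDIR%\temp\udd70cc.tmp
- %WINDIR%\temp\udd7899.tmp
- %WINDIR%\temp\udd70cc.tmp
- 'si###torage.com':80
- 'bl##.#ina.com.cn':80
- http://si###torage.com/yun2016/Atshz.txt
- http://si###torage.com/yun2016/B64d.rar
- DNS ASK si###torage.com
- DNS ASK bl##.#ina.com.cn
"""

# One pattern per entry shape; order matters because the service and
# connection shapes both start with a quoted token.
REG_RE = re.compile(r"^\[(?P<key>[^\]]+)\]\s+'(?P<value>[^']+)'\s*=\s*'(?P<data>[^']*)'$")
SVC_RE = re.compile(r"^'(?P<name>[^'\s]+)'\s+(?P<path>\S+)$")
CONN_RE = re.compile(r"^'(?P<host>[^']+)':(?P<port>\d+)$")
DNS_RE = re.compile(r"^DNS ASK\s+(?P<host>\S+)$")
URL_RE = re.compile(r"^(?P<url>https?://(?P<host>[^/\s:]+)\S*)$")
PATH_RE = re.compile(r"^(?P<path>(?:%[A-Za-z]+%|[A-Za-z]:)\\\S*)$")


def parse_line(line):
    """Return a dict describing one '- ...' entry, or None for non-entries."""
    line = line.strip()
    if not line.startswith("- "):
        return None
    body = line[2:].strip()
    if m := REG_RE.match(body):
        return {"type": "registry", "key": m["key"], "value": m["value"], "data": m["data"]}
    if m := SVC_RE.match(body):
        return {"type": "service", "name": m["name"], "path": m["path"]}
    if m := CONN_RE.match(body):
        return {"type": "connection", "host": m["host"], "port": int(m["port"])}
    if m := DNS_RE.match(body):
        return {"type": "dns", "host": m["host"]}
    if m := URL_RE.match(body):
        return {"type": "url", "url": m["url"], "host": m["host"]}
    if m := PATH_RE.match(body):
        return {"type": "file", "path": m["path"]}
    return {"type": "unknown", "raw": body}


def parse_report(text):
    return [ioc for ioc in map(parse_line, text.splitlines()) if ioc]


def is_masked(host):
    """The publisher replaces parts of hostnames with '#'; such hosts must not
    go into a blocklist as-is."""
    return "#" in host


def file_paths(iocs):
    """Every file path the report references, including the driver path taken
    from the registry ImagePath data and from the service entry, de-duplicated
    case-insensitively (Windows paths are case-insensitive) and lowercased."""
    seen = set()
    for ioc in iocs:
        path = None
        if ioc["type"] in ("file", "service"):
            path = ioc["path"]
        elif ioc["type"] == "registry" and ioc["value"].lower() == "imagepath":
            path = ioc["data"]
        if path:
            seen.add(path.lower())
    return sorted(seen)


def hosts(iocs):
    """Split hostnames from connection, URL and DNS entries into ones usable
    verbatim in a blocklist and ones the publisher masked."""
    usable, masked = set(), set()
    for ioc in iocs:
        host = ioc.get("host")
        if host:
            (masked if is_masked(host) else usable).add(host.lower())
    return sorted(usable), sorted(masked)


def expand_windir(path, windir=r"C:\Windows"):
    """Replace the %WINDIR% placeholder; the directory is an assumed default."""
    return re.sub(r"%windir%", lambda _: windir, path, flags=re.IGNORECASE)


if __name__ == "__main__":
    parsed = parse_report(REPORT)
    print("files:", [expand_windir(p) for p in file_paths(parsed)])
    print("hosts (usable, masked):", hosts(parsed))
```

On the report's lines the three spellings of the driver path collapse to a single file indicator, and every host ends up in the masked set, which is the signal that the network indicators need the unmasked report (or your own sample) before they are actionable.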