Technical Information
- %WINDIR%\win.ini
- '%HOMEPATH%\shouye.exe'
- <SYSTEM32>\svchost.exe
- %HOMEPATH%\shouye.exe
- '<SYSTEM32>\powercfg.exe'
- '<SYSTEM32>\secinit.exe'