Technical Information
- [<HKCU>\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] 'perfmon' = '%LOCALAPPDATA%\Common\perfmon.exe'
- %LOCALAPPDATA%\common\perfmon.exe
- %LOCALAPPDATA%\common\ddraw.dll
- %TEMP%\daqt5w6za3
- 'tw.##52sg.top':80
- 'sf.##52sg.top':80
- 'gz##swkj.cn':80
- 'kk.##52sg.top':7983
- http://tw.##52sg.top/new_item_200/SoftCfg.json
- http://tw.##52sg.top/new_item_200/FilesCfg.json
- http://sf.##52sg.top/vs/vsc.bin
- http://sf.##52sg.top/vs/vsp.bin
- http://kk.###2sg.top:7983/kss_io/io.php?v=################################################ via kk.##52sg.top
- DNS ASK tw.##52sg.top
- DNS ASK sf.##52sg.top
- DNS ASK gz##swkj.cn
- DNS ASK kk.##52sg.top
- '%WINDIR%\syswow64\wbem\wmic.exe' BaseBoard get SerialNumber (with hidden window)
- '%WINDIR%\syswow64\wbem\wmic.exe' BaseBoard get SerialNumber