Technical Information
- <SYSTEM32>\tasks\baiduupdatemgr
- %APPDATA%\kingsoft\pdfprotected.exe
- %APPDATA%\kingsoft\ps.zip
- %APPDATA%\kingsoft\sqlite3.dll
- %APPDATA%\kingsoft\update.bin
- %APPDATA%\kingsoft\update.dat
- %APPDATA%\kingsoft\jisupdf.exe
- %APPDATA%\kingsoft\msvcr100.dll
- %APPDATA%\kingsoft\ps.zip
- %APPDATA%\kingsoft\pdfprotected.exe
- '10#.#42.147.126':80
- '16#.#52.167.149':9235
- http://10#.#42.147.126/p149.zip
- '16#.#52.167.149':9235
- '%APPDATA%\kingsoft\pdfprotected.exe' download
- '%APPDATA%\kingsoft\jisupdf.exe'
- '%APPDATA%\kingsoft\update.bin'
- '%APPDATA%\kingsoft\pdfprotected.exe' download (with hidden window)
- '%WINDIR%\syswow64\cmd.exe' /c del <Full path to file> (with hidden window)
- '%APPDATA%\kingsoft\jisupdf.exe' (with hidden window)
- '%APPDATA%\kingsoft\update.bin' (with hidden window)
- '%WINDIR%\syswow64\cmd.exe' /c del %APPDATA%\kingsoft\pdfprotected.exe (with hidden window)
- '%WINDIR%\syswow64\cmd.exe' /c del <Full path to file>
- '%WINDIR%\syswow64\cmd.exe' /c del %APPDATA%\kingsoft\pdfprotected.exe