Technical Information
- [<HKLM>\System\CurrentControlSet\Services\kmemnetb.sys] 'ImagePath' = '%WINDIR%\9zc7tu\shvqbc.sys'
- 'kmemnetb.sys' %WINDIR%\9zc7tu\shvqbc.sys
- %WINDIR%\9zc7tu\k9ni24.json
- %WINDIR%\9zc7tu\1r4hf31.dll
- %WINDIR%\9zc7tu\pp2yjk2.dll
- %WINDIR%\9zc7tu\shvqbc.sys
- %WINDIR%\temp\udd201d.tmp
- %WINDIR%\temp\udd2839.tmp
- %WINDIR%\temp\udd3016.tmp
- %WINDIR%\temp\udd37f4.tmp
- %WINDIR%\temp\udd3fd1.tmp
- %WINDIR%\temp\udd47ae.tmp
- 'by##wall.cn':80
- http://www.by##wall.cn/hp/config.json
- DNS ASK by##wall.cn