Technical Information
- [HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] '安全防护中心模块' = 'C:\Users\Public\Documents\MM\svchost.exe'
- <SYSTEM32>\tasks\windowswatchdog
- %ALLUSERSPROFILE%\3.txt
- %ALLUSERSPROFILE%\shell.ini
- C:\users\public\documents\mm\1.sys
- C:\users\public\documents\mm\2.txt
- C:\users\public\documents\mm\4.txt
- C:\users\public\documents\mm\qidianbrowsermgr.dll
- C:\users\public\documents\mm\svchost.exe
- '19#.#30.202.52':35
- '19#.#30.202.48':449
- '20#.#19.117.209':8001
- http://19#.##0.202.52:35/3.txt via 19#.#30.202.52
- http://19#.##0.202.52:35/1.txt via 19#.#30.202.52
- http://19#.##0.202.52:35/2.txt via 19#.#30.202.52
- http://19#.##0.202.52:35/4.txt via 19#.#30.202.52
- http://19#.##0.202.52:35/5.txt via 19#.#30.202.52
- http://19#.##0.202.52:35/6.txt via 19#.#30.202.52
- '19#.#30.202.48':449
- ClassName: 'CTXOPConntion_Class' WindowName: ''
- '%WINDIR%\syswow64\cmd.exe' /c md C:\Users\Public\Documents\MM (with hidden window)
- '%WINDIR%\syswow64\cmd.exe' /c md C:\Users\Public\Documents\MM