Technical Information
- [HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] '安全防护中心模块' (GBK value name, shown mis-encoded as '°²È«·À»¤ÖÐÐÄÄ£¿é') = 'C:\Users\Public\Documents\MM\svchost.exe'
- <SYSTEM32>\tasks\windowswatchdog
- %ALLUSERSPROFILE%\3.txt
- %ALLUSERSPROFILE%\shell.ini
- C:\users\public\documents\mm\1.sys
- C:\users\public\documents\mm\2.txt
- C:\users\public\documents\mm\4.txt
- C:\users\public\documents\mm\qidianbrowsermgr.dll
- C:\users\public\documents\mm\svchost.exe
- '21#.#24.125.143':35
- '21#.#24.125.143':201
- '20#.#19.117.209':8005
- http://21#.##4.125.143:35/3.txt via 21#.#24.125.143
- http://21#.##4.125.143:35/1.txt via 21#.#24.125.143
- http://21#.##4.125.143:35/2.txt via 21#.#24.125.143
- http://21#.##4.125.143:35/4.txt via 21#.#24.125.143
- http://21#.##4.125.143:35/5.txt via 21#.#24.125.143
- http://21#.##4.125.143:35/6.txt via 21#.#24.125.143
- '21#.#24.125.143':201
- '20#.#19.117.209':8005
- ClassName: 'CTXOPConntion_Class' WindowName: ''
- '%WINDIR%\syswow64\cmd.exe' /c md C:\Users\Public\Documents\MM (with hidden window)
- '%WINDIR%\syswow64\cmd.exe' /c md C:\Users\Public\Documents\MM