Technical Information
- <Full path to virus>
- %TEMP%\temp\hidep.dll
- <SYSTEM32>\hide.sys
- %TEMP%\aut2.tmp
- %TEMP%\aut1.tmp
- %TEMP%\efdexqw
- %TEMP%\aut2.tmp
- <SYSTEM32>\hide.sys
- %TEMP%\aut1.tmp
- %TEMP%\efdexqw
- 'ip##.#aigou51.com':8899
- 'us###.baigou51.com':5186
- DNS ASK ip##.#aigou51.com
- DNS ASK us###.baigou51.com