Technical Information
- [<HKLM>\SYSTEM\ControlSet001\Services\SQLServer] 'Start' = '00000001'
- <SYSTEM32>\F539tjx6l.sys
- <SYSTEM32>\SQLServer.sys
- <Current directory>\updata\tmp.zip
- <SYSTEM32>\CDCE8VZY7.sys
- <SYSTEM32>\MakeAtManage.sys
- from <Current directory>\updata\tmp.zip to <Current directory>\updata\updata.zip
- ClassName: '' WindowName: ''
- ClassName: 'IEFrame' WindowName: ''
- ClassName: 'MS_WebcheckMonitor' WindowName: ''
- ClassName: 'Shell_TrayWnd' WindowName: ''
- ClassName: 'MS_AutodialMonitor' WindowName: ''