Technical Information
- [<HKLM>\SYSTEM\ControlSet001\Services\qfx86] 'ImagePath' = '%WINDIR%\qfx86.sys'
- [<HKLM>\SYSTEM\ControlSet001\Services\qfx86] 'Start' = '00000002'
- C:\kssqianfeng.ini
- %WINDIR%\up.ini
- <SYSTEM32>\XAudio2_7.dll
- 'www.pk##i.com':80
- 'hu#####ng.52cqwg.com':9998
- 'qd.##738.com':8080
- 'localhost':1035
- 'qf.##iii.com':9998
- http://www.pk##i.com/gg.txt
- http://www.pk##i.com/pojie.htm
- http://www.pk##i.com/
- DNS ASK www.pk##i.com
- DNS ASK hu#####ng.52cqwg.com
- DNS ASK qf.##iii.com
- DNS ASK qd.##738.com
- ClassName: 'MS_WebcheckMonitor' WindowName: ''
- ClassName: 'MS_AutodialMonitor' WindowName: ''