Technical Information
- [<HKLM>\SYSTEM\ControlSet001\Services\Driver] 'ImagePath' = 'c:\Driver.sys'
- [<HKLM>\SYSTEM\ControlSet001\Services\F17Q02B2309TXK5D3A484C1] 'ImagePath' = '%TEMP%\F17Q02B2309TXK5D3A484C1.dat'
- ClassName: 'ollydbg', WindowName: ''
- ClassName: 'TDeDeMainForm', WindowName: ''
- ClassName: 'TIdaWindow', WindowName: ''
- ClassName: '', WindowName: 'Registry Monitor - Sysinternals: www.sysinternals.com'
- ClassName: '', WindowName: 'File Monitor - Sysinternals: www.sysinternals.com'
- C:\ADriver.dll
- C:\Driver.sys
- %TEMP%\F17Q02B2309TXK5D3A484C1.dat
- %TEMP%\F17Q02B2309TXK5D3A484C1.dat
- 'pf##j.cn':80
- 'lo######t.ptlogin2.qq.com':4300
- http://www.pf##j.cn/3.txt via pf##j.cn
- DNS ASK www.pf##j.cn
- DNS ASK lo######t.ptlogin2.qq.com
- ClassName: '1212121', WindowName: ''
- ClassName: 'icu_dbg', WindowName: ''
- ClassName: 'pe--diy', WindowName: ''
- ClassName: 'odbydyk', WindowName: ''
- ClassName: '', WindowName: 'Import REConstructor v1.6 FINAL (C) 2001-2003 MackT/uCF'
- ClassName: 'kk1', WindowName: ''
- ClassName: 'Eew75', WindowName: ''
- ClassName: 'Shadow', WindowName: ''
- ClassName: 'WinDbgFrameClass', WindowName: ''
- '<SYSTEM32>\cmd.exe' /c sc config "UxSms" start= demand
- '<SYSTEM32>\sc.exe' config "UxSms" start= demand