Technical Information
- [<HKLM>\System\CurrentControlSet\Services\BEC70F] 'ImagePath' = '%TEMP%\BEC70F.sys'
- [<HKLM>\SYSTEM\CurrentControlSet\Services\BEC70F] 'start' = '00000002'
- [<HKLM>\System\CurrentControlSet\Services\81420] 'ImagePath' = '%TEMP%\81420.sys'
- 'BEC70F' %TEMP%\BEC70F.sys
- '81420' %TEMP%\81420.sys
- %WINDIR%\syswow64\myini.ini
- http://www.microsoft.com/pki/certs/MicRooCerAut_2010-06-23.crt
- DNS ASK fh###.####cn-beijing.aliyuncs.com
- DNS ASK a.##cs.com
- DNS ASK b.##cs.com
- DNS ASK c.##cs.com
- DNS ASK AB#.#5cs.com
- DNS ASK microsoft.com
- ClassName: '' WindowName: 'ВЎВЎВЎВЎВЎВЎ'