Technical Information
- [<HKLM>\System\CurrentControlSet\Services\AB1MQpTK] 'Start' = '00000000'
- [<HKLM>\System\CurrentControlSet\Services\AB1MQpTK] 'ImagePath' = 'system32\drivers\AB1MQpTK.sys'
- 'AB1MQpTK' <DRIVERS>\AB1MQpTK.sys
- <DRIVERS>\ab1mqptk.sys
- <DRIVERS>\e555a2c5
- <DRIVERS>\etc\hosts
- '12#.#2.138.217':58080
- 'sa##.xmdlq.com':80
- 'im###.baidu.com':80
- DNS ASK sa##.xmdlq.com
- DNS ASK im###.baidu.com
- DNS ASK go.###o23424.com
- '%WINDIR%\syswow64\cmd.exe' /c rd "<DRIVERS>\etcXaFdE" /S /Q (with hidden window)
- '%WINDIR%\syswow64\cmd.exe' /c rd "<DRIVERS>\etcXaFdE" /S /Q