Technical Information
- %WINDIR%\win.ini
- <SYSTEM32>\svchost.exe
- '%WINDIR%\syswow64\cmd.exe' /c del /Q /F "<Full path to file>" (with hidden window)
- '<SYSTEM32>\sethc.exe'
- '%WINDIR%\syswow64\cmd.exe' /c del /Q /F "<Full path to file>"
- '<SYSTEM32>\sdchange.exe'