Technical Information
- [HKLM\System\CurrentControlSet\Services\32d0d769164] 'ImagePath' = '%TEMP%\32d0d769164.bin'
- '32d0d769164' %TEMP%\32d0d769164.bin
- %TEMP%\gsdrv_x86.dll
- %TEMP%\32d0d769164.bin
- <SYSTEM32>\gsdrv.bin
- %TEMP%\gsdrv_x86.dll