Technical Information
- %TEMP%\A325C14C-CD2D-49a1-93E7-5693E0B44078
- <SYSTEM32>\A325C14C-CD2D-49a1-93E7-5693E0B44078
- <Current directory>\热血合击V2.0_WCA.exe
- 'li###.fpmen.com':80
- 'li###.pk9g.com':80
- 'li###.jxsl123.com':80
- http://li###.fpmen.com/UserUpdata/EEEE6637F88CDF6E4AE9C6/热血合击V2.0.exe.txt
- http://li###.fpmen.com/UserId/EEEE6637F88CDF6E4AE9C6.txt
- http://li###.pk9g.com/UserId/EEEE6637F88CDF6E4AE9C6.txt
- http://li###.jxsl123.com/UserId/EEEE6637F88CDF6E4AE9C6.txt
- DNS ASK li###.fpmen.com
- DNS ASK li###.pk9g.com
- DNS ASK li###.jxsl123.com
- '<Current directory>\热血合击V2.0_WCA.exe'
- '<SYSTEM32>\cmd.exe' /c netsh advfirewall set allprofiles state off
- '<SYSTEM32>\netsh.exe' advfirewall set allprofiles state off