Technical Information
- <SYSTEM32>\cmd.exe
- <Current directory>\代码记录.txt
- <Current directory>\DD81200x64.32.dll
- <Current directory>\定时截图\2018年7月18日18时49分7秒.png
- <Current directory>\使用说明书.pdf
- %TEMP%\CSWCLASS0.tmp
- <Current directory>\窗口配置.ini
- %TEMP%\CSWCLASS0.tmp
- '<SYSTEM32>\cmd.exe' /C rasphone -h VPN连接33745 > %TEMP%\2900_1.txt
- '<SYSTEM32>\rasphone.exe' -h VPN连接33745