Technical Information
- %TEMP%\aut640b.tmp
- %TEMP%\2396gtkbqmc
- 'ia.#1.la':80
- http://xz###.ha123a.com/jihuo/20200604sss111.html
- http://js.##ers.51.la/20818569.js
- DNS ASK xz###.ha123a.com
- DNS ASK js.##ers.51.la
- DNS ASK ia.#1.la
- ClassName: 'MS_AutodialMonitor' WindowName: ''
- ClassName: 'MS_WebCheckMonitor' WindowName: ''
- '%WINDIR%\syswow64\cmd.exe' /c ping 127.0.0.1 -n 3&del /q "<Full path to file>"' (with hidden window)
- '%WINDIR%\syswow64\cmd.exe' /c ping 127.0.0.1 -n 3&del /q "<Full path to file>"
- '%WINDIR%\syswow64\ping.exe' 127.0.0.1 -n 3