Technical Information
- <SYSTEM32>\conhost.exe
- http://ap##.#ame.qq.com/comm-htdocs/ip/get_ip.php
- http://cd#.#goutt.com/api/filegoto1/ac351053dc444d56
- http://www.microsoft.com/pki/certs/MicRooCerAut_2010-06-23.crt
- http://cd#.#utaopt.cn/API/General/lsrpu
- http://tu##utd.cn/api/r/mcm
- http://mm##d.xyz/api/r/mcm
- DNS ASK cd#.#goutt.com
- DNS ASK wl#zad
- DNS ASK ap##.#ame.qq.com
- DNS ASK sp#.#aidu.com
- DNS ASK microsoft.com
- DNS ASK cd#.#utaopt.cn
- DNS ASK tu##utd.cn
- DNS ASK mm##d.xyz
- DNS ASK st####.rapidssl.com
- ClassName: 'ProgMan' WindowName: ''
- ClassName: 'SHELLDLL_DefView' WindowName: ''
- '<SYSTEM32>\ipconfig.exe' /flushdns (with hidden window)
- '%WINDIR%\syswow64\cmd.exe' /c del /Q /F "<Full path to file>" (with hidden window)
- '<SYSTEM32>\userinit.exe'
- '<SYSTEM32>\ipconfig.exe' /flushdns
- '%WINDIR%\syswow64\cmd.exe' /c del /Q /F "<Full path to file>"