Technical Information
- %WINDIR%\syswow64\choice.exe
- %WINDIR%\syswow64\cmd.exe
- <Current directory>\ho1vhpdye1alf0k.exe
- <Current directory>\config.ini
- from <Full path to file> to %TEMP%\ho1vhpdye1alf0k\....\ho1vhpdye1alf0k
- 'o4##2f.cn':1219
- 'o4##2f.cn':9004
- http://o4###f.cn:1219/Data/VV6QY1Y6QlEL4SA4N1lL6NEV64Q2CAYEVlOQLJ26EYYN42SJA2ELQ4YNQYNYEO4JEOVlQA1SOCY6EAQOSOS2VAO1ECANCVLN2YOlJ2V2l2YLVQO32303231C4EA37D4C23132C8D539CAB13137B7D63435C3EB.txt?11...
- http://o4###f.cn:1219/001/Tips.txt?11##### via o4##2f.cn
- DNS ASK o4##2f.cn
- ClassName: 'Progman' WindowName: 'Program Manager'
- ClassName: 'CrossFire' WindowName: ''
- '%WINDIR%\syswow64\cmd.exe' ' (with hidden window)
- '%WINDIR%\syswow64\choice.exe' ' (with hidden window)
- '%WINDIR%\syswow64\cmd.exe'
- '%WINDIR%\syswow64\choice.exe'