Technical Information
- [<HKLM>\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Run] 'windows' = '<SYSTEM32>\SearchProtoconlHost.exe'
- %WINDIR%\syswow64\cmd.exe
- %TEMP%\cof.ini
- %TEMP%\test.dll
- %TEMP%\e2eecore.2.7.2.dll
- %WINDIR%\syswow64\searchprotoconlhost.exe
- ClassName: '' WindowName: 'Microsoft Internet Explorer'
- '%WINDIR%\syswow64\cmd.exe' (with hidden window)
- '%WINDIR%\syswow64\cmd.exe'