Technical Information
- [<HKLM>\software\Wow6432Node\microsoft\windows\CurrentVersion\Run] '<File name>.exe' = '<Full path to file>'
- 'aq.#y.com':443
- 'lg#.yy.com':443
- 'yy.com':80
- 'cr#.##gicert-cn.com':80
- 'oc##.dcocsp.cn':80
- 'microsoft.com':80
- http://oc##.dcocsp.cn/MFEwTzBNMEswSTAJBgUrDgMCGgUABBTHv1Dj%2BciPJEWH5JNtwL5Y07mRqwQUxBF%2BiECGwkG%2FZfMa4bRTQKOr7H0CEAazeQNdMUy43GisOeZFKho%3D
- 'aq.#y.com':443
- 'yy.com':443
- 'dw#.cn':443
- DNS ASK aq.#y.com
- DNS ASK lg#.yy.com
- DNS ASK dw#.cn
- DNS ASK yy.com
- DNS ASK cr#.##gicert-cn.com
- DNS ASK oc##.dcocsp.cn
- DNS ASK microsoft.com
- ClassName: 'MS_AutodialMonitor' WindowName: ''
- ClassName: 'MS_WebCheckMonitor' WindowName: ''