Technical Information
- %WINDIR%\syswow64\drvinst.exe
- %WINDIR%\syswow64\cmd.exe
- <Current directory>\lhfvo1n.exe
- from <Full path to file> to %TEMP%\lhfvo1n\....\lhfvo1n
- 'o4##2f.cn':1219
- http://o4###f.cn:1219/Data/Mv1TfkcoezLT1vkinOXKC2GucNDAkA106TKSB5entMtU4TryBK50vPdAhdWrqzujM0mdazHDHyTsXKxLuoazyasW993gvBFWnRBS0AtQbv0x7QlBNi6KFlDerRkMwMjf32303231C4EA37D4C238C8D533CAB13436B7D6...
- DNS ASK o4##2f.cn
- '%WINDIR%\syswow64\cmd.exe' (with hidden window)
- '%WINDIR%\syswow64\drvinst.exe' (with hidden window)
- '%WINDIR%\syswow64\cmd.exe'
- '%WINDIR%\syswow64\drvinst.exe'