Technical Information
- %WINDIR%\syswow64\certutil.exe
- %WINDIR%\syswow64\cmd.exe
- <Current directory>\fh9yl3r.exe
- <Current directory>\config.ini
- 'o4##2f.cn':1219
- 'o4##2f.cn':9004
- http://o4###f.cn:1219/Data/Ol4LEENSNQlEQSOlNC4S1EQONlCE2A421YSNQ11Ql4Y4OJYlOCEC6El6l21YlY22CLQC6VLN1l6lC2A1LY4YLJOQSO4JAJOC64QONE1AEJQS11AYCLEEOSSNOLCYl32303231C4EA37D4C239C8D53135CAB13339B7D63...
- http://o4###f.cn:1219/001/Tips.txt?11##### via o4##2f.cn
- DNS ASK o4##2f.cn
- ClassName: 'Progman' WindowName: 'Program Manager'
- ClassName: 'CrossFire' WindowName: ''
- '%WINDIR%\syswow64\cmd.exe' (with hidden window)
- '%WINDIR%\syswow64\certutil.exe' (with hidden window)
- '%WINDIR%\syswow64\cmd.exe'
- '%WINDIR%\syswow64\certutil.exe'