Technical Information
- <Current directory>\044m9obe.exe
- 'ns#.#nspod.net':6666
- 'ba##u.com':80
- 'c1.#yyz.com':80
- http://c1.#yyz.com/UserApi?
- DNS ASK ns#.#nspod.net
- DNS ASK c1.#yyz.com
- DNS ASK ba##u.com
- '<Current directory>\044m9obe.exe' suijitezheng
- '<Current directory>\044m9obe.exe' suijitezheng' (with hidden window)
- '%WINDIR%\syswow64\cmd.exe' /c del <Full path to file> > nul' (with hidden window)
- '%WINDIR%\syswow64\cmd.exe' /c del <Full path to file> > nul
- '%WINDIR%\syswow64\cmd.exe' /c cls