Technical Information
- [<HKCU>\Software\Microsoft\Windows\CurrentVersion\Run] '<File name>' = '<Full path to file>'
- <Current directory>\para.ini
- <Current directory>\index.ini
- 'ap##.#ptocycle.com':80
- http://ap##.#ptocycle.com/update/index.ini
- http://ap##.#ptocycle.com/aps.php/Isfreed/sanll
- http://ap##.#ptocycle.com/aps.php/udata/user_info
- http://ap##.#ptocycle.com/aps.php/udata/pc_domain_info
- DNS ASK ap##.#ptocycle.com
- ClassName: 'MegWnd' WindowName: 'SearchIndexerWnd'
- '%WINDIR%\syswow64\cmd.exe' /c whoami (with hidden window)
- '%WINDIR%\syswow64\cmd.exe' /c netsh wlan show profiles (with hidden window)
- '%WINDIR%\syswow64\cmd.exe' /c whoami
- '%WINDIR%\syswow64\whoami.exe'
- '%WINDIR%\syswow64\cmd.exe' /c netsh wlan show profiles
- '%WINDIR%\syswow64\netsh.exe' wlan show profiles