Technical Information
- %WINDIR%\help\wmiprvser.exe
- '12#.#5.129.189':81
- 'po##.330com.com':5555
- http://12#.##.129.189:81/64.jpg via 12#.#5.129.189
- http://12#.##.129.189:81/Update.jpg via 12#.#5.129.189
- DNS ASK do##.23ssh.com
- DNS ASK po##.330com.com
- '%WINDIR%\help\wmiprvser.exe'
- '%WINDIR%\help\wmiprvser.exe' ' (with hidden window)
- '%WINDIR%\syswow64\sc.exe' delete MicrosoftMysql' (with hidden window)
- '%WINDIR%\syswow64\sc.exe' delete serivces' (with hidden window)
- '%WINDIR%\syswow64\sc.exe' delete conhost' (with hidden window)
- '%WINDIR%\syswow64\sc.exe' delete MicrosotMaims' (with hidden window)
- '%WINDIR%\syswow64\sc.exe' delete MicrosotMais' (with hidden window)
- '%WINDIR%\syswow64\sc.exe' delete MicrosoftMysql
- '%WINDIR%\syswow64\sc.exe' delete serivces
- '%WINDIR%\syswow64\sc.exe' delete conhost
- '%WINDIR%\syswow64\sc.exe' delete MicrosotMaims
- '%WINDIR%\syswow64\sc.exe' delete MicrosotMais