Technical Information
- <SYSTEM32>\winlogon.exe
- %WINDIR%\logs\wlanext.exe
- '%WINDIR%\logs\wlanext.exe'
- '<SYSTEM32>\rundll32.exe' <SYSTEM32>\FirewallControlPanel.dll,ShowNotificationDialog /configure /ETOnly 0 /OnProfiles 6 /OtherAllowed 0 /OtherBlocked 0 /OtherEdgeAllowed 0 /NewBlocked 4 "<Full path to file>"