Technical Information
- C:\cc_.txt
- <Current directory>\eylogin.dll
- %WINDIR%\syswow64\advpacck.exe
- %WINDIR%\linkinfo.dll
- %WINDIR%\syswow64\advpacck.exe
- 'pl####.eydata.net':443
- 'wo####nge.3322.org':8000
- 'pa#.#aidu.com':80
- 'pl####.eydata.net':443
- DNS ASK co###.2881.com
- DNS ASK ke##pan.com
- DNS ASK pl####.eydata.net
- DNS ASK wo####nge.3322.org
- DNS ASK pa#.#aidu.com
- '%WINDIR%\syswow64\advpacck.exe'
- '%WINDIR%\syswow64\regsvr32.exe' /s "<Current directory>\eylogin.dll"' (with hidden window)
- '%WINDIR%\syswow64\cmd.exe' /c rundll32.exe %WINDIR%\linkinfo.dll hi' (with hidden window)
- '%WINDIR%\syswow64\regsvr32.exe' /s "<Current directory>\eylogin.dll"
- '%WINDIR%\syswow64\cmd.exe' /c rundll32.exe %WINDIR%\linkinfo.dll hi
- '%WINDIR%\syswow64\rundll32.exe' %WINDIR%\linkinfo.dll hi