Technical Information
- '%WINDIR%\syswow64\at.exe'
- %WINDIR%\syswow64\at.exe
- C:\exuikrnln.dll
- %WINDIR%\syswow64\exuikrnln.dll
- C:\exuikrnln.ini
- 'no##.youdao.com':80
- 'bu#########e-online-cdn.note.youdao.com':443
- 'oc##.#igicert.cn':80
- http://no##.youdao.com/yws/api/personal/file/788EBDCFEE51421EA4C21C70006019CD?me###################################################################
- http://oc##.#igicert.cn/MFEwTzBNMEswSTAJBgUrDgMCGgUABBSAUQYBMq2awn1Rh6Doh%2FsBYgFV7gQUA95QNVbRTLtm8KPiGxvDl7I90VUCEAsTYrbuap0%2Blokw8W4gfTk%3D
- http://oc##.#igicert.cn/MFEwTzBNMEswSTAJBgUrDgMCGgUABBTRXf%2BqAIajMnZeiQcx27p1CzET2wQUJG%2BRP4mHhw4ywkAY38VM60%2FISTICEARpHnniO1nFqCOqTkLgf1Q%3D
- 'bu#########e-online-cdn.note.youdao.com':443
- DNS ASK no##.youdao.com
- DNS ASK bu#########e-online-cdn.note.youdao.com
- DNS ASK oc##.#igicert.cn
- '%WINDIR%\syswow64\cmd.exe' /c del "<Full path to file>"' (with hidden window)
- '%WINDIR%\syswow64\cmd.exe' /c del "<Full path to file>"