Technical Information
Modifies file system
Creates the following files
- %ALLUSERSPROFILE%\shell.ini
Deletes itself.
Network activity
Connects to
- 'pi#.##ixiongz.com':443
- 'st#####.##gitalcertvalidation.com':80
- 'microsoft.com':80
- 'oc##.thawte.com':80
TCP
Other
- 'pi#.##ixiongz.com':443
UDP
- DNS ASK pi#.##ixiongz.com
- DNS ASK st#####.##gitalcertvalidation.com
- DNS ASK microsoft.com
- DNS ASK oc##.thawte.com
Miscellaneous
Creates and executes the following
- '%WINDIR%\syswow64\cmd.exe' /c del /q "<Full path to file>"' (with hidden window)
Executes the following
- '%WINDIR%\syswow64\cmd.exe' /c del /q "<Full path to file>"
