Technical Information
- '' (downloaded from the Internet)
- %TEMP%\svchost.exe
- <Current directory>\update.bat
- <Full path to file>
- 'wp#d':80
- 'rg#o.st':80
- http://11#.#11.111.1/wpad.dat via wp#d
- http://rg#o.st/download/8mKMJNC8S/fbe4ad9a9c55c00bcbc59e320b3478732f9c3502/fbe4ad9a9c55c00bcbc59e320b3478732f9c3502/sys.exe
- DNS ASK wp#d
- DNS ASK rg#o.st
- '%TEMP%\svchost.exe'
- '<SYSTEM32>\cmd.exe' /c ""<Current directory>\update.bat" "