Technical Information
- %WINDIR%\syswow64\secinit.exe
- %WINDIR%\syswow64\pswzcfm.dll
- %TEMP%\7829.bat
- %TEMP%\qtxadg.dll
- %TEMP%\ehloruye.dll
- %TEMP%\rcxd364.tmp
- from %TEMP%\rcxd364.tmp to %TEMP%\ehloruye.dll
- http://ao#.####batllesgrounds.com/terminal/start-up
- DNS ASK ao#.####batllesgrounds.com
- DNS ASK pr#########ront.playbattlegrounds.com
- ClassName: 'sdfasdfasfasdf' WindowName: 'sdfasdfasfasdf'
- '%WINDIR%\syswow64\cmd.exe' /c ""%TEMP%\7829.bat" "' (with hidden window)
- '%WINDIR%\syswow64\secinit.exe' -k cvSemiTteN
- '%WINDIR%\syswow64\cmd.exe' /c ""%TEMP%\7829.bat" "
- '%WINDIR%\syswow64\ping.exe' 1.0.0.1 -n