Technical Information
- %ProgramFiles(x86)%\steam\winhttp.dll
- %WINDIR%\syswow64\svcost.exe
- <Current directory>\update.temp
- <Current directory>\tem.vbs
- %ProgramFiles(x86)%\steam\winhttp.dll
- %WINDIR%\syswow64\svcost.exe
- <Current directory>\tem.vbs
- from <Current directory>\update.temp to <Current directory>\大队长v5.exe
- http://11#.#88.241.228/one/大队长.exe
- ClassName: '<File name>.exe' WindowName: '<File name>.exe'
- ClassName: '大队长V5.exe' WindowName: '大队长V5.exe'
- ClassName: '' WindowName: ''
- '%WINDIR%\syswow64\svcost.exe'
- '<Current directory>\大队长v5.exe'
- '%WINDIR%\syswow64\wscript.exe' "<Current directory>\tem.vbs"
- '%WINDIR%\syswow64\svcost.exe' ' (with hidden window)