Technical Information
- '%WINDIR%\syswow64\taskkill.exe' /PID 2216 /F
- %WINDIR%\qs.txt
- %WINDIR%\5794.bat
- %WINDIR%\qs.txt
- %LOCALAPPDATA%\microsoft\windows\<INETFILES>\content.ie5\bzjx5bke\ok[1].txt
- http://12#.##9.36.209:6666/8b8a34b38bfc0d2eb92514d4685e5d9c.txt via 12#.#99.36.209
- http://11#.##.120.218:50145/ok.txt?50### via 11#.#1.120.218
- http://11#.##.120.218:50204/b88419e2e5b1949404694c88c6ac59fb.zip via 11#.#1.120.218
- DNS ASK bC#####v.adkuai8.com
- '%WINDIR%\syswow64\cmd.exe' /c %WINDIR%\5794.bat (with hidden window)
- '<SYSTEM32>\rundll32.exe' <SYSTEM32>\FirewallControlPanel.dll,ShowNotificationDialog /configure /ETOnly 0 /OnProfiles 6 /OtherAllowed 0 /OtherBlocked 0 /OtherEdgeAllowed 0 /NewBlocked 4 "<Full path to file>"
- '<SYSTEM32>\rundll32.exe' <SYSTEM32>\FirewallControlPanel.dll,ShowNotificationDialog /configure /ETOnly 0 /OnProfiles 6 /OtherAllowed 0 /OtherBlocked 0 /OtherEdgeAllowed 0 /NewBlocked 4 "%WINDIR%\performance\svchost.exe...
- '%WINDIR%\syswow64\cmd.exe' /c %WINDIR%\5794.bat
- '%WINDIR%\syswow64\ping.exe' -n 5 127.0.0.1