Technical Information
- '<SYSTEM32>\taskkill.exe' /F /PID "2380"
- %TEMP%\remove.bat
- ClassName: '' WindowName: ''
- '<SYSTEM32>\cmd.exe' /c ""%TEMP%\Remove.bat" "2380" "<Full path to file>""' (with hidden window)
- '<SYSTEM32>\cmd.exe' /c ""%TEMP%\Remove.bat" "2380" "<Full path to file>""
- '<SYSTEM32>\choice.exe' /C Y /N /D Y /T 3