Technical Information
- '%WINDIR%\syswow64\taskkill.exe' /f /im new_.exe
- %TEMP%\nsg4bcf.tmp\nsexec.dll
- %LOCALAPPDATA%\btest\new_.exe.config
- %LOCALAPPDATA%\btest\app.config
- %LOCALAPPDATA%\btest\new_.exe
- %TEMP%\nsg4bcf.tmp\nsexec.dll
- http://10#.#01.148.40/urltravel/p10.php?v=#########
- ClassName: '' WindowName: ''
- '%LOCALAPPDATA%\btest\new_.exe' "http://10#.#01.148.40/urltravel/p10.php?v=##"
- '%WINDIR%\syswow64\taskkill.exe' /f /im new_.exe' (with hidden window)