Technical Information
- '%WINDIR%\syswow64\taskkill.exe' /pid 2860
- %ALLUSERSPROFILE%\446234319267018\temp-shm
- %ALLUSERSPROFILE%\446234319267018\temp-shm
- %ALLUSERSPROFILE%\446234319267018\temp-shm
- 'la######.worldofwarcraft.com':80
- DNS ASK la######.worldofwarcraft.com
- '%WINDIR%\syswow64\cmd.exe' /c taskkill /pid 2860 & erase %TEMP%\<File name>.exe & RD /S /Q C:\\ProgramData\\446234319267018\\* & exit' (with hidden window)
- '%WINDIR%\syswow64\cmd.exe' /c taskkill /pid 2860 & erase %TEMP%\<File name>.exe & RD /S /Q C:\\ProgramData\\446234319267018\\* & exit