Technical Information
- %TEMP%\c77ed.tmp.bat
- C:\crsed.ini
- <Full path to file>
- from <Full path to file> to %TEMP%\[d6de587b6522f7661d910a32b2247da7]
- 'xh##88.cc':88
- http://www.xh###8.cc:88/kss_io/io.php?v=################################################ via xh##88.cc
- DNS ASK xh##88.cc
- '%WINDIR%\syswow64\cmd.exe' /c %TEMP%\c77ed.tmp.bat' (with hidden window)
- '%WINDIR%\syswow64\cmd.exe' /c %TEMP%\c77ed.tmp.bat