Technical Information
- %TEMP%\r3update.exe
- <Current directory>\error2.bat
- 'google.com':80
- 'a0####89.xsph.ru':80
- http://www.google.com/
- http://a0####89.xsph.ru/Injector.exe
- DNS ASK google.com
- DNS ASK a0####89.xsph.ru
- '%TEMP%\r3update.exe'
- '%TEMP%\r3update.exe' ' (with hidden window)
- '<SYSTEM32>\cmd.exe' /c ""<Current directory>\error2.bat" "' (with hidden window)
- '<SYSTEM32>\cmd.exe' /C choice /C Y /N /D Y /T 0 & Del "<Full path to file>' (with hidden window)
- '<SYSTEM32>\cmd.exe' /C choice /C Y /N /D Y /T 0 & Del "%TEMP%\r3Update.exe' (with hidden window)
- '<SYSTEM32>\cmd.exe' /c ""<Current directory>\error2.bat" "
- '<SYSTEM32>\cmd.exe' /C choice /C Y /N /D Y /T 0 & Del "<Full path to file>
- '<SYSTEM32>\choice.exe' /C Y /N /D Y /T 0
- '<SYSTEM32>\cmd.exe' /C choice /C Y /N /D Y /T 0 & Del "%TEMP%\r3Update.exe