Technical Information
- <SYSTEM32>\cmd.exe
- %TEMP%\aut2.tmp
- %TEMP%\qwe.exe
- %TEMP%\aut1.tmp
- %TEMP%\zxzc.bat
- %TEMP%\aut2.tmp
- %TEMP%\aut1.tmp
- 'ip###ger.com':443
- DNS ASK ip###ger.com
- '%TEMP%\qwe.exe'
- '<SYSTEM32>\cmd.exe' /c %TEMP%\qwe.exe
- '<SYSTEM32>\cmd.exe' /c %TEMP%\zxzc.bat /VERYSILENT /SUPPRESSMSGBOXES /NORESTART /SP-