Technical Information
- '' (downloaded from the Internet)
- C:\Process.exe
- from <Full path to file> to %TEMP%\131953\...\TemporaryFile
- from C:\Process.exe to <Current directory>\Process.exe
- 'ft#######2.host706.zhujiwu.me':80
- 'sh###n520.site':80
- http://ft#######2.host706.zhujiwu.me/1.txt
- http://sh###n520.site/Process.exe
- DNS ASK ft#######2.host706.zhujiwu.me
- DNS ASK sh###n520.site
- ClassName: '' WindowName: ''
- '<Current directory>\Process.exe'
- '<SYSTEM32>\cmd.exe' /c move /y "C:\Process.exe" "<Current directory>\Process.exe"