Technical Information
- <SYSTEM32>\cmd.exe
- <Current directory>\qfblarf6.exe
- nul
- from <Current directory>\qfblarf6.exe to <Current directory>\qfblarfp.com
- 'um###erver.ru':12845
- DNS ASK um###erver.ru
- '<Current directory>\qfblarf6.exe'
- '<Current directory>\qfblarf6.exe' ' (with hidden window)
- '<SYSTEM32>\cmd.exe' /C ping 1.1.1.1 -n 1 -w 2200 > Nul & Del /f /q "<Full path to file>"
- '<SYSTEM32>\ping.exe' 1.1.1.1 -n 1 -w 2200
- '<SYSTEM32>\cmd.exe' <Current directory>\qfblarf6.exe
- '<SYSTEM32>\cmd.exe' /c ping 1.1.1.1 -n 1 -w 1700 > Nul & rename "<Current directory>\qfblarf6.exe" "qfblarfp.com"
- '<SYSTEM32>\ping.exe' 1.1.1.1 -n 1 -w 1700