Technical Information
- <Drive name for removable media>:\java\javaupdater.exe
- <Drive name for removable media>:\correct.avi
- %PROGRAMDATA%\java\correct.ico
- %APPDATA%\java.exe
- %TEMP%\ez4sb9lz.0.vb
- %TEMP%\ez4sb9lz.cmdline
- %TEMP%\ez4sb9lz.out
- <Drive name for removable media>:\java\javaupdater.exe
- %TEMP%\ez4sb9lz.cmdline
- %TEMP%\ez4sb9lz.0.vb
- 'ha######hackers.ddns.net':27017
- DNS ASK ha######hackers.ddns.net
- '%APPDATA%\java.exe'
- '%WINDIR%\microsoft.net\framework64\v2.0.50727\vbc.exe' /noconfig @"%TEMP%\ez4sb9lz.cmdline"' (with hidden window)
- '%WINDIR%\microsoft.net\framework64\v2.0.50727\vbc.exe' /noconfig @"%TEMP%\h6cwbt1s.cmdline"' (with hidden window)
- '%WINDIR%\microsoft.net\framework64\v2.0.50727\cvtres.exe' /NOLOGO /READONLY /MACHINE:IX86 "/OUT:%TEMP%\RES6115.tmp" "%TEMP%\vbc6114.tmp"' (with hidden window)
- '%WINDIR%\microsoft.net\framework64\v2.0.50727\vbc.exe' /noconfig @"%TEMP%\ez4sb9lz.cmdline"
- '%WINDIR%\microsoft.net\framework64\v2.0.50727\vbc.exe' /noconfig @"%TEMP%\h6cwbt1s.cmdline"
- '%WINDIR%\microsoft.net\framework64\v2.0.50727\cvtres.exe' /NOLOGO /READONLY /MACHINE:IX86 "/OUT:%TEMP%\RES6115.tmp" "%TEMP%\vbc6114.tmp"