Technical Information
- '%WINDIR%\syswow64\taskkill.exe' /im "<File name>.exe" /f
- %TEMP%\5983987830.exe
- 'ho###rtsfog.com':80
- 'mo###vpn.com':80
- 'ip###ger.org':80
- 'ip###ger.org':443
- http://ho###rtsfog.com/checkversion.php?so###########
- http://mo###vpn.com/exe/MoscoVPN_win_v1.24.1.exe
- http://ip###ger.org/1jiiu7
- DNS ASK ho###rtsfog.com
- DNS ASK mo###vpn.com
- DNS ASK ip###ger.org
- '%TEMP%\5983987830.exe'
- '%WINDIR%\syswow64\cmd.exe' /c start /I "" "%TEMP%\5983987830.exe" (with hidden window)
- '%WINDIR%\syswow64\cmd.exe' /c start /I "" "%TEMP%\0700348380.exe" (with hidden window)
- '%WINDIR%\syswow64\cmd.exe' /c taskkill /im "<File name>.exe" /f & erase "<Full path to file>" & exit (with hidden window)
- '%WINDIR%\syswow64\cmd.exe' /c start /I "" "%TEMP%\5983987830.exe"
- '%WINDIR%\syswow64\cmd.exe' /c start /I "" "%TEMP%\0700348380.exe"
- '%WINDIR%\syswow64\cmd.exe' /c taskkill /im "<File name>.exe" /f & erase "<Full path to file>" & exit