Technical Information
- '%WINDIR%\syswow64\taskkill.exe' /im "<File name>.exe" /f
- 'ho###rtsfog.com':80
- 'mo###vpn.com':80
- http://ho###rtsfog.com/checkversion.php?so###########
- http://mo###vpn.com/exe/MoscoVPN_win_v1.24.1.exe
- DNS ASK ho###rtsfog.com
- DNS ASK mo###vpn.com
- '%WINDIR%\syswow64\cmd.exe' /c start /I "" "%TEMP%\0993139583.exe" (with hidden window)
- '%WINDIR%\syswow64\cmd.exe' /c start /I "" "%TEMP%\0698876393.exe" (with hidden window)
- '%WINDIR%\syswow64\cmd.exe' /c taskkill /im "<File name>.exe" /f & erase "<Full path to file>" & exit (with hidden window)
- '%WINDIR%\syswow64\cmd.exe' /c start /I "" "%TEMP%\0993139583.exe"
- '%WINDIR%\syswow64\cmd.exe' /c start /I "" "%TEMP%\0698876393.exe"
- '%WINDIR%\syswow64\cmd.exe' /c taskkill /im "<File name>.exe" /f & erase "<Full path to file>" & exit