Technical Information
- C:\2.bat
- 'fg##chr.cn':88
- 'do####ad.iciba.com':80
- http://do####ad.iciba.com/upwl/powerwordlite.38452.0.exe
- DNS ASK fg##chr.cn
- DNS ASK do####ad.iciba.com
- '%WINDIR%\syswow64\cmd.exe' /c echo ping 127.1 -n 3 >nul 2>nul >c:\2.bat&echo del "<Full path to file>">>c:\2.bat&echo del c:\2.bat>>c:\2.bat&c:\2.bat' (with hidden window)
- '%WINDIR%\syswow64\cmd.exe' /c echo ping 127.1 -n 3 >nul 2>nul >c:\2.bat&echo del "<Full path to file>">>c:\2.bat&echo del c:\2.bat>>c:\2.bat&c:\2.bat
- '%WINDIR%\syswow64\ping.exe' 127.1 -n 3