Technical Information
- %WINDIR%\temp\cabe82c.tmp
- %WINDIR%\temp\tare82d.tmp
- nul
- %WINDIR%\temp\cabe82c.tmp
- %WINDIR%\temp\tare82d.tmp
- 'ne###lose.vip':80
- 'zu##ab.de':80
- 'localhost':49176
- 'cc##m.to':443
- 'microsoft.com':80
- http://ne###lose.vip/
- http://zu##ab.de/
- http://www.microsoft.com/pki/certs/MicRooCerAut_2010-06-23.crt
- 'localhost':49177
- 'cc##m.to':443
- DNS ASK ne###lose.vip
- DNS ASK zu##ab.de
- DNS ASK cc##m.to
- DNS ASK microsoft.com
- '%WINDIR%\syswow64\cmd.exe' /C ping 8.8.8.8 -n 1 -w 4002 > Nul & Del /f /q "<Full path to file>" (with hidden window)
- '%WINDIR%\syswow64\cmd.exe' /C ping 8.8.8.8 -n 1 -w 4002 > Nul & Del /f /q "<Full path to file>"
- '%WINDIR%\syswow64\ping.exe' 8.8.8.8 -n 1 -w 4002