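Technical Information
Note: '#' is not a valid character in an IP address or DNS name, so the '#' characters in the network entries below appear to be masking placeholders from the original report, not literal values.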
- %TEMP%\cd190.tmp
- %TEMP%\cd1cf.tmp
- <Current directory>\get.bat
- %TEMP%\cd190.tmp
- %TEMP%\cd1cf.tmp
- <Current directory>\get.bat
- <Current directory>\get.bat
- from <Full path to file> to %TEMP%\po520\840268\....\840268
- '15#.#3.184.240':8888
- 'pv.#ohu.com':80
- http://pv.#ohu.com/cityjson
- DNS query (ASK) for pv.#ohu.com
- ClassName: '' WindowName: '0user.exe'
- '%WINDIR%\syswow64\cmd.exe' /c Get.bat (with hidden window)
- '%WINDIR%\syswow64\cmd.exe' /c Get.bat
- '%WINDIR%\syswow64\findstr.exe' "8513"
- '%WINDIR%\syswow64\findstr.exe' "6324"
- '%WINDIR%\syswow64\findstr.exe' "2262"
- '%WINDIR%\syswow64\findstr.exe' "7184"
- '%WINDIR%\syswow64\findstr.exe' "4196"
- '%WINDIR%\syswow64\findstr.exe' "7518"
- '%WINDIR%\syswow64\findstr.exe' "4191"
- '%WINDIR%\syswow64\findstr.exe' "8222"
- '%WINDIR%\syswow64\findstr.exe' "4548"
- '%WINDIR%\syswow64\findstr.exe' "7961"
- '%WINDIR%\syswow64\findstr.exe' "4500"
- '%WINDIR%\syswow64\findstr.exe' "7969"
- '%WINDIR%\syswow64\findstr.exe' "4916"
- '%WINDIR%\syswow64\findstr.exe' "8780"
- '%WINDIR%\syswow64\findstr.exe' "4502"
- '%WINDIR%\syswow64\findstr.exe' "8060"
- '%WINDIR%\syswow64\findstr.exe' "4820"
- '%WINDIR%\syswow64\findstr.exe' "4488"
- '%WINDIR%\syswow64\netstat.exe' -aon
- '%WINDIR%\syswow64\findstr.exe' "5077"
- '%WINDIR%\syswow64\findstr.exe' "1647"