Technical Information
- '<SYSTEM32>\taskkill.exe' /PID 2860
- %TEMP%\ezHelpDownloader.exe
- %HOMEPATH%\Local Settings\<INETFILES>\Content.IE5\KHMHGZ4F\server_update_info[1].txt
- %HOMEPATH%\Local Settings\<INETFILES>\Content.IE5\U98D4X8H\server[1].bin
- %APPDATA%\ezhelp_update\server.bin
- Moves the file from %TEMP%\ezHelpDownloader.exe to <Full path to file>
- 'localhost':1036
- '99#9.jp':80
- 'wo####ovelaw.com':80
- http://99#9.jp/update/ezhelp/server_update_info.txt
- http://99#9.jp/update/ezhelp/server.bin
- http://www.wo####ovelaw.com/image/woori_camp.jpg via wo####ovelaw.com
- DNS ASK 99#9.jp
- DNS ASK www.wo####ovelaw.com
- ClassName: '' WindowName: ''
- '%TEMP%\ezHelpDownloader.exe' server http://99#9.jp/update
- '<SYSTEM32>\cmd.exe' /c taskkill /PID 2860 & move /Y "%TEMP%\ezHelpDownloader.exe" "<Full path to file>"