Technical Information (observed artifacts; runs of '#' in the domain and URL entries below are masking characters, not literal values)
- '<SYSTEM32>\taskkill.exe' /F /im rundll32.exe
- '<SYSTEM32>\taskkill.exe' /F /im powershell.exe
- %TEMP%\G.js
- %TEMP%\.rpwrf
- %TEMP%\rpwrf_rpwrf_rpwrf.afpqkdwdwe
- 'pd###ntar.tk':80
- http://pd###ntar.tk/pedro.php?do######
- DNS ASK pd###ntar.tk
- ClassName: 'EDIT' WindowName: ''
- ClassName: '' WindowName: ''
- '<SYSTEM32>\wscript.exe' "%TEMP%\G.js"
- '<SYSTEM32>\cmd.exe' /k c: & cd & cd %HOMEPATH%\Local Settings\Temp & <SYSTEM32>\rundll32.exe rpwrf_rpwrf_rpwrf.afpqkdwdwe, dP
- '<SYSTEM32>\rundll32.exe' rpwrf_rpwrf_rpwrf.afpqkdwdwe, dP