Technical Information
- %TEMP%\wc61f7c26e812.exe
- <Full path to file>
- DNS ASK id#s.ru
- DNS ASK fa###space.ru
- '%TEMP%\wc61f7c26e812.exe' 888 "<Full path to file>"
- '%WINDIR%\syswow64\cmd.exe' /C start %TEMP%\wc61f7c26e812.exe 888 "<Full path to file>"' (with hidden window)
- '%WINDIR%\syswow64\cmd.exe' /C start %TEMP%\wc61f7c26e812.exe 888 "<Full path to file>"