Technical Information
- <SYSTEM32>\cmd.exe
- %TEMP%\+~jf6515280344439122713.tmp
- <Current directory>\wh\wh.new
- nul
- %TEMP%\+~jf6515280344439122713.tmp
- from <Current directory>\wh\wh.new to <Current directory>\wh.exe
- 'es#.pe':443
- DNS ASK es#.pe
- '%ProgramFiles%\java\jre1.8.0_45\bin\javaw.exe' -Dlaunch4j.exedir="<Current directory>" -Dlaunch4j.exefile="<Full path to file>" -Dhttps.protocols="TLSv1.2" -jar "<Full path to file>"
- '<SYSTEM32>\cmd.exe' "/c ""<SYSTEM32>\ping.exe" -n 2 127.0.0.1>nul && del /f /q "<Full path to file>" && move /y "<Current directory>\WH\WH.new" "<Current directory>\WH.exe"""
- '<SYSTEM32>\ping.exe' -n 2 127.0.0.1