Technical Information
- %TEMP%\runtimebroker.exe
- nul
- %TEMP%\runtimebroker.exe
- '15#.#01.149.113':3636
- 'ra#.####ubusercontent.com':443
- DNS ASK ra#.####ubusercontent.com
- '%TEMP%\runtimebroker.exe'
- '%WINDIR%\syswow64\cmd.exe' /C ping 1.1.1.1 -n 1 -w 100 > Nul & Del "<Full path to file>"& ping 1.1.1.1 -n 1 -w 900 > Nul & Del "<Full path to file>"' (with hidden window)
- '%WINDIR%\syswow64\cmd.exe' /C ping 1.1.1.1 -n 1 -w 100 > Nul & Del "<Full path to file>"& ping 1.1.1.1 -n 1 -w 900 > Nul & Del "<Full path to file>"
- '%WINDIR%\syswow64\ping.exe' 1.1.1.1 -n 1 -w 100
- '%WINDIR%\syswow64\ping.exe' 1.1.1.1 -n 1 -w 900