Technical Information
- %TEMP%\12648.exe
- http://ts###.ru:801/xmr_.exe via ts##3.ru
- DNS ASK ts##3.ru
- DNS ASK wo##.top
- '%TEMP%\12648.exe'
- '%WINDIR%\notepad.exe' -c "%ALLUSERSPROFILE%\PnQssBdbSh\cfg"
- '%WINDIR%\syswow64\cmd.exe' /C WScript "%ALLUSERSPROFILE%\PnQssBdbSh\r.vbs"