Technical Information
- '%WINDIR%\syswow64\taskkill.exe' /F /PID 2056
- %TEMP%\remove.bat
- 'ip##pi.com':80
- 'google.com':443
- DNS ASK ip##pi.com
- DNS ASK google.com
- DNS ASK et###bonus.net
- ClassName: '' WindowName: ''
- '%WINDIR%\syswow64\cmd.exe' /c ""%TEMP%\Remove.bat" 2056 <Full path to file>"' (with hidden window)
- '%WINDIR%\syswow64\cmd.exe' /c ""%TEMP%\Remove.bat" 2056 <Full path to file>"
- '%WINDIR%\syswow64\choice.exe' /C Y /N /D Y /T 3