Technical Information
- '%WINDIR%\syswow64\cmd.exe' /c del <Full path to file> > nul' (with hidden window)
- '%WINDIR%\syswow64\cmd.exe' /c del <Full path to file> > nul