can anybody tell what this exe is doing.
Obfuscated strings from inside.
Code: Select all
"Software\\Microsoft"
"\\Windows\\Currentversion\\Run"
"Taskhst"
"Environment"
"Cq"
"cmd /c start %Cq% "
"&& exit"
"ntuser"
"toolsd.exe"
"aday.primeservices.mobi"
"/IXR/goprim.php"
"Connection: keep-alive"
"Content-type: application/x-www-form-urlencoded"
