Technical Information
- '%WINDIR%\explorer.exe' /c, C:\Users\Public\Iqvj6i8.js
- C:\users\public\iqvj6i8.js
- nul
- %WINDIR%\serviceprofiles\networkservice\appdata\locallow\microsoft\cryptneturlcache\metadata\f0accf77cdcbff39f6191887f6d2d357
- %WINDIR%\serviceprofiles\networkservice\appdata\locallow\microsoft\cryptneturlcache\content\f0accf77cdcbff39f6191887f6d2d357
- http://oc##.thawte.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBQwF4prw9S7mCbCEHD%2Fyl6nWPkczAQUe1tFz6%2FOy3r9MZIaarbzRutXSFACEEeXTXhzpbyrDS%2BzcBkvzl4%3D
- DNS ASK ku#####ia8r.p6nkq.ga
- DNS ASK oc##.thawte.com
- '<SYSTEM32>\wscript.exe' "C:\Users\Public\Iqvj6i8.js"
- '<SYSTEM32>\wscript.exe' "C:\Users\Public\Iqvj6i8.js"' (with hidden window)
- '<SYSTEM32>\cmd.exe' /S /D /c" sEt/p ef6u0Oi="%MJM:IAIROE=%%8aFrxh6:1LOCX=/%" 0<nul 1>C:\Users\Public\Iqvj6i8.js"
- '<SYSTEM32>\cmd.exe' /S /D /c" md \ |"
- '<SYSTEM32>\cmd.exe' /S /D /c" exit 1>nul"
- '<SYSTEM32>\cmd.exe' /S /D /c" echo VJD8R3HQCVE5I2ELQMJD726EHCBHLI8IHCB26U9AIRIU6R9DIZMU6IKHJBXE46LEYQZMD824EKCV4IQ3ALQVD6I8ALNVH2LTDFMMR2LKDJBXR6LKOIBXE4I4HYJZJFQ2HLIZJ7IL9FKXHD7I29FCVJ2LE6 1>nul"