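Technical Information
Note: the section labels are missing from this copy, so the list below runs together file-system paths, network endpoints and DNS queries, and executed command lines. Characters shown as '#' in host names and IP addresses are masked in the source; those entries are partial indicators and cannot be matched literally.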
- %APPDATA%\microsoft\windows\start menu\programs\startup\rjarnoejyp.url
- regasm.exe
- %TEMP%\ixp000.tmp\strette.xls
- %TEMP%\ixp000.tmp\attesa.wpd
- %TEMP%\ixp000.tmp\come.mp3
- %TEMP%\ixp000.tmp\scegliendo.vssm
- %TEMP%\ixp000.tmp\tipo.com
- %APPDATA%\rzvglpdthf\rasnq
- %APPDATA%\rzvglpdthf\rjarnoejyp.com
- %APPDATA%\rzvglpdthf\come.mp3
- %APPDATA%\rzvglpdthf\uzqyjpsrkg.js
- %TEMP%\ixp000.tmp\regasm.exe
- %APPDATA%\logs\03-21-2021
- %TEMP%\ixp000.tmp\attesa.wpd
- %TEMP%\ixp000.tmp\come.mp3
- %TEMP%\ixp000.tmp\scegliendo.vssm
- %TEMP%\ixp000.tmp\strette.xls
- %TEMP%\ixp000.tmp\regasm.exe
- %TEMP%\ixp000.tmp\tipo.com
- 'ip##pi.com':80
- '5.###.94.117':5353
- '5.###.94.117':5353
- DNS ASK Yq#####FgA.YqunvQYFgA
- DNS ASK ip##pi.com
- '%TEMP%\ixp000.tmp\tipo.com' Attesa.wpd
- '%WINDIR%\syswow64\cmd.exe' /c cmd < Scegliendo.vssm (with hidden window)
- '%WINDIR%\syswow64\cmd.exe' /c htvE (with hidden window)
- '%WINDIR%\syswow64\cmd.exe' /c htvE
- '%WINDIR%\syswow64\cmd.exe' /c cmd < Scegliendo.vssm
- '%WINDIR%\syswow64\cmd.exe'
- '%WINDIR%\syswow64\findstr.exe' /V /R "^vFtzcDGfThlphHZkXPcFcBZozaXskkDYsbBKeWULxGzzOcyfqytYxClUFWqrGftHKjRPygoqUKlOiFzYhHduiEDPjHyuWRtyCMJBDfpLWrrKsvMZCwPYYYAyJwCn$" Strette.xls
- '%WINDIR%\syswow64\ping.exe' 127.0.0.1 -n 30