Technical Information
- <PATH_SAMPLE>\<File name>.exe
- <PATH_SAMPLE>.lnk
- 'pk.##ren.vip':1111
- http://12#.##.70.93:1111/HttpApiGb.ashx?ac#################
- http://12#.##.70.93:1111/HttpApiGb.ashx?ac#######################################################################################################################################################...
- DNS ASK pk.##ren.vip
- '<PATH_SAMPLE>\<File name>.exe'
- '%WINDIR%\syswow64\cmd.exe' /c icacls <Current directory> (with hidden window)
- '%WINDIR%\syswow64\cmd.exe' /c cacls.exe <PATH_SAMPLE> /e /t /p everyone:N (with hidden window)
- '%WINDIR%\syswow64\cmd.exe' /c icacls <PATH_SAMPLE> (with hidden window)
- '%WINDIR%\syswow64\cmd.exe' /c icacls <Current directory>
- '%WINDIR%\syswow64\icacls.exe' <Current directory>
- '%WINDIR%\syswow64\cmd.exe' /c cacls.exe <PATH_SAMPLE> /e /t /p everyone:N
- '%WINDIR%\syswow64\cacls.exe' <PATH_SAMPLE> /e /t /p everyone:N
- '%WINDIR%\syswow64\cmd.exe' /c icacls <PATH_SAMPLE>
- '%WINDIR%\syswow64\icacls.exe' <PATH_SAMPLE>