Technical Information
- '%WINDIR%\explorer.exe' /c, C:\Users\Public\Pictures\0aWUIHJ.js
- C:\users\public\pictures\0awuihj.js
- %WINDIR%\serviceprofiles\networkservice\appdata\locallow\microsoft\cryptneturlcache\metadata\f0accf77cdcbff39f6191887f6d2d357
- %WINDIR%\serviceprofiles\networkservice\appdata\locallow\microsoft\cryptneturlcache\content\f0accf77cdcbff39f6191887f6d2d357
- 'n7#######c9.osieofcorizon.fun':443
- DNS ASK n7#######c9.osieofcorizon.fun
- '<SYSTEM32>\wscript.exe' "C:\Users\Public\Pictures\0aWUIHJ.js"
- '<SYSTEM32>\wscript.exe' "C:\Users\Public\Pictures\0aWUIHJ.js"' (with hidden window)
- '<SYSTEM32>\cmd.exe' /S /D /c" sET/p uudf78h="%OFH:INCARY=%%rhsj466:1LNFO=/%" 0<NUL 1>C:\Users\Public\Pictures\0aWUIHJ.js"
- '<SYSTEM32>\cmd.exe' /S /D /c" md \ |"
- '<SYSTEM32>\cmd.exe' /S /D /c" CAll %QQC:UJLNA=% C:\Users\Public\Pictures\0aWUIHJ.js"
- '<SYSTEM32>\cmd.exe' /S /D /c" exit"